Access7: Supply Chain Vulnerabilities
Overview
Researchers have identified 7 vulnerabilities affecting the Axeda IoT framework, which is used in more than 150 different device models. The majority are medical devices, but devices in the financial, manufacturing and other sectors are also affected.
The vulnerabilities include hard-coded credentials, an unauthenticated command API, and full command execution.
Impact
A network-based attacker could remotely execute code, access the file system or alter system configurations on devices built with PTC Axeda.
Vulnerability Detection
These vulnerabilities can be difficult to detect, which highlights the need for detailed inventory management of devices built on the Axeda agent.
Affected Products
All versions of the Axeda Agent prior to 6.9.3.
A list of devices is available here.
Containment, Mitigations & Remediations
As a supply chain issue, updates for devices will need to be provided by individual manufacturers.
Where possible, IoT devices should not be internet facing and remote access should be controlled using a VPN. Network segmentation can reduce the risk from compromised devices.
The following ports can be blocked to prevent exploitation:
CVE | Port | Description |
---|---|---|
CVE-2022-25249 | 56120, 56130 | Web server of main agent service |
CVE-2022-25250 | 3011 | Main agent service shutdown signal |
CVE-2022-25251 | 3031 | Main agent service configuration |
CVE-2022-25246 | 5920, 5820 | VNC agent |
CVE-2022-25248 | 3077 | Event log, used in deployment configuration |
CVE-2022-25247 | 3076 | Code execution and file system access, used in deployment configuration |
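The advisory's port table doubles as an inventory check and as input to a firewall policy. The following Python script is an added example, not code from the advisory or from PTC: it takes a constructed inventory export (asset, IP, open TCP ports), reports which assets expose an Axeda service port and which CVE each port maps to, and emits nftables commands that only allow those ports from a management network. The management CIDR, the inventory format and the assumption that all listed ports are TCP are the example's own; confirm the protocol against the vendor advisory before deploying rules.

```python
"""Check an inventory export against the Access7 port list and build nft rules.

Added example; the CVE-to-port mapping is copied from the advisory's table.
"""
from __future__ import annotations

# CVE -> ports, from the advisory. The page does not state the protocol;
# TCP is assumed here (assumption: verify against the vendor advisory).
AXEDA_PORTS: dict[str, tuple[int, ...]] = {
    "CVE-2022-25249": (56120, 56130),  # web server of main agent service
    "CVE-2022-25250": (3011,),         # main agent service shutdown signal
    "CVE-2022-25251": (3031,),         # main agent service configuration
    "CVE-2022-25246": (5920, 5820),    # VNC agent
    "CVE-2022-25248": (3077,),         # event log
    "CVE-2022-25247": (3076,),         # code execution and file system access
}

PORT_TO_CVE: dict[int, str] = {
    port: cve for cve, ports in AXEDA_PORTS.items() for port in ports
}

# Constructed sample inventory (not real assets), one asset per line:
# asset,ip,open_tcp_ports separated by ';'
SAMPLE_INVENTORY = """\
infusion-pump-01,10.10.1.5,80;3011;3076;56120
atm-lobby-02,10.10.2.9,443;5920
workstation-17,10.10.3.44,135;445;3389
"""


def parse_inventory(text: str) -> list[dict]:
    """Parse the CSV-like export into rows with a set of open ports."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        asset, ip, ports = line.split(",", 2)
        open_ports = {int(p) for p in ports.split(";") if p}
        rows.append({"asset": asset, "ip": ip, "ports": open_ports})
    return rows


def flag_exposed(rows: list[dict]) -> dict[str, dict[str, list[int]]]:
    """Return {asset: {cve: [ports]}} for assets exposing an Axeda service port."""
    findings: dict[str, dict[str, list[int]]] = {}
    for row in rows:
        hits: dict[str, list[int]] = {}
        for port in sorted(row["ports"] & set(PORT_TO_CVE)):
            hits.setdefault(PORT_TO_CVE[port], []).append(port)
        if hits:
            findings[row["asset"]] = hits
    return findings


def nft_rules(mgmt_cidr: str = "10.99.0.0/24",
              table: str = "inet filter", chain: str = "input") -> list[str]:
    """Emit nft commands: allow the Axeda ports from the management network,
    drop them from everywhere else. Rule order matters: accept is added first.
    mgmt_cidr is a placeholder for the site's real management network."""
    ports = ", ".join(str(p) for p in sorted(PORT_TO_CVE))
    return [
        f"nft add rule {table} {chain} ip saddr {mgmt_cidr} "
        f"tcp dport {{ {ports} }} accept",
        f"nft add rule {table} {chain} tcp dport {{ {ports} }} drop",
    ]


if __name__ == "__main__":
    for asset, hits in flag_exposed(parse_inventory(SAMPLE_INVENTORY)).items():
        for cve, ports in hits.items():
            print(f"{asset}: {cve} exposed on port(s) {ports}")
    print("\n".join(nft_rules()))
```

The accept rule for the management network is emitted before the drop rule so that remote administration over the VPN path the advisory recommends keeps working while every other source is blocked; blocking the ports on the device itself would require the manufacturer's update.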
Indicators of Compromise
No active exploitation has been noted.
Threat Landscape
Common components such as those found to be vulnerable here give threat actors a wide opportunity to target supply chains and so affect a large number of devices at once. Attacks against Operational Technology (OT) are on the rise because of its increasing prevalence.
Access to medical information, and the possibility of tampering with test results or device function, present the highest risk from these vulnerabilities, but attacks against ATMs, vending machines, barcode scanning systems and industrial manufacturing equipment may also have unintended but direct consequences for individuals.
MITRE Methodologies
T1190 – Exploit Public-Facing Application
T0862 – Supply Chain Compromise
Further Information
How Supply Chain Vulnerabilities Can Allow Unwelcomed Access to Medical and IoT Devices
Security vulnerabilities identified in the Axeda agent and Axeda Desktop Server