Cyble Research & Intelligence Labs (CRIL) identifies a ControlByWeb Cross-Site Scripting Vulnerability – CVE-2023-6333

Cyble’s Senior Researcher, Prajitesh Singh, recently identified a Cross-Site Scripting Vulnerability (CVE-2023-6333) in the web-enabled Ethernet I/O module X-301 and X-332 product of ControlByWeb. These products play a crucial role in several vital operations within Critical Infrastructure sectors, enhancing the potential dangers of cyberattacks. Cyble collaborated with the official vendor to share these findings. Subsequently, the information was jointly submitted to the Cybersecurity and Infrastructure Security Agency (CISA) via the Vulnerability Information and Coordination Environment (VINCE) platform to support the Coordinated Vulnerability Disclosure (CVD) program. The vulnerability was then classified in the “high-severity” category, further underscoring its relevance and risk. The affected products are integral to Multiple Critical Infrastructure sectors and have a broad range of industrial applications, such as controlling motors, lights, coils, pumps, valves, belts, etc. Any compromises here can lead to various critical implications ranging from financial losses to disruption of critical supply chains. Moreover, such vulnerabilities can open the door for malicious actors to manipulate these systems, causing physical damage to the infrastructure and posing risks to the operators themselves.

An example of malicious actors’ interest in compromising similar systems is the recent attack on the Municipal Water Authority of Aliquippa in western Pennsylvania. This attack was attributed to an Iranian-backed cyber group known as CyberAv3ngers, further highlighting the constant efforts that malicious actors undertake to actively seek new vectors for disrupting National Services. They especially target vulnerabilities and misconfigurations in Industrial Control System (ICS) assets. In the event that an attack successfully compromises these systems within an Operational Technology (OT) environment, it can result in extreme consequences to the firm, national critical infrastructure, global supply chains, and even the physical safety of engineers, operators, and heavy machinery. Collaboration between OT asset vendors and public organizations is crucial to secure Industrial Control Systems (ICS) globally for the smooth and secure operation of National Critical Services”, Prajitesh Singh, Senior Research Engineer at Cyble, mentioned, “Due to the critical role of the OT sector, organizations must equip themselves with the latest threat intelligence to stay ahead of malicious actors and secure their systems. I am proud to contribute such findings to the OT community, shedding light on these issues and helping create more resilient systems.” A crucial component in preventing these critical systems from being compromised is adopting a proactive threat posture, equipping organizations with real-time threat intelligence via platforms such as ODIN. These platforms are tailor-made to assist users in scanning internet-exposed assets, providing actionable intelligence that indicates potentially vulnerable systems and products susceptible to targeting by malicious actors. This, in turn, can lead to the compromise of the targeted products. Being forewarned and armed with these insights, organizations can take corrective action on these products, patch vulnerabilities, roll out software updates, and inform their user base and the relevant authorities, fostering an environment of collective information sharing and collaboration. This collaboration is essential, as Singh notes that it is not just one organization, industry, or nation that is affected by a successful compromise of these critical products. Due to their role in the increasingly globalized economy and the critical place that these sectors occupy in national security, international trade, and manufacturing, their continued security is of paramount importance to everyone, ranging from public organizations such as CISA to the manufacturers of OT/IT components and everyone in between. Cyble continues to be vigilant for vulnerabilities across all exposed products using our proprietary AI and ML-driven algorithms present in all Cyble products, enabling companies to find and report these to you in real time, often before these can be exploited.