High-risk flaw found in Oracle POS systems
According to a report by BleepingComputer, Oracle Micros point-of-sale (POS) systems contain a high-risk security vulnerability that lets attackers download all of a company's business data after a compromise.
The vulnerability, discovered by Dmitry Chastuhin, a security researcher from ERPScan, allows attackers to read and access POS system data without authentication.
ERPScan wrote in a blog post that an attacker who accesses a vulnerable device can read local files, obtain usernames and passwords, and gain full access to the database.
According to the assessment, the vulnerability has a severity score of 8.1 out of 10.
The researchers said the vulnerability could be exploited by people who have the opportunity to access vulnerable POS terminals, such as company employees. In addition, an attacker who is not sure whether a device can be exploited can find vulnerable devices by scanning the network. If the devices and machines around the store are connected via Ethernet, the attack becomes easy.
Oracle said earlier this month that the vulnerability has been fixed. The company rated the complexity of the attack as “high” and acknowledged that the vulnerability was of high severity.
POS equipment is a frequent target. Earlier this year, Forever 21 confirmed that malicious software had been installed on its payment terminals for as long as six months, putting thousands of customers at risk of credit card fraud.
Oracle did not respond to a request for comment.
It is understood that Oracle acquired Microsoft Micros in 2014 for 5.3 billion. At the time of the acquisition, more than 330,000 restaurants, stores, and hotels in 180 countries were using Micros’s services.