Skylab IGX IIoT Gateway Vulnerability (CVE-2024-4163): Root Access for Attackers
A significant vulnerability has been exposed in the widely-used Skylab IGX IIoT Gateway (CVE-2024-4163), allowing attackers to escalate their privileges and potentially take complete control of the affected devices. This flaw puts sensitive industrial systems at risk, granting malicious actors a gateway into critical operational technology (OT) environments.
How the Exploit Works
Researchers Tan Inn Fung and Mah Chia Hui of Govtech discovered that attackers can exploit weaknesses within the gateway’s limited shell feature.
The attack exploits the limited shell’s functions to read, write, and modify any file within the operating system. By manipulating these capabilities, an attacker can replace the /etc/passwd file to introduce a new root user entry. This allows the attacker to escape the limited shell and gain unrestricted root access to the system. Once root access is achieved, the attacker has the potential to take full control over the IIoT Gateway, posing a severe threat to the entire network.
Who’s at Risk
Any organization utilizing Skylab IGX IIoT Gateways with version 1.2.12 or earlier is likely vulnerable. These gateways act as critical bridges between factories, production lines, and IT networks. If compromised, the consequences could be severe.
Potential Impact
- Data Breaches: Attackers could steal sensitive OT data, blueprints, or intellectual property.
- Operational Disruption: Hackers could shut down critical machinery, cause deliberate malfunctions, or halt production processes altogether.
- Ransomware Attacks: The compromised gateway could be used as a launchpad to infect the entire industrial network with ransomware, crippling operations.
- Safety Hazards: Malicious control over machinery poses potential risks to worker safety and the integrity of the facility.
Urgent Action Required
In response to the discovery of CVE-2024-4163, several steps are recommended to mitigate the risk:
- Check Version: Verify if your IGX IIoT Gateways are running v1.2.12 or older.
- Apply Patches: If updates are available, install them as a top priority following best security practices.
- Monitor for Anomalies: Watch for any unusual behavior on the gateway or connected OT devices.
