Gemalto vulnerabilities could expose ICS

Security researchers discovered 14 vulnerabilities in Gemalto Sentinel LDK tool that can expose Industrial Control Systems (ICS) and corporate systems to remote attacks if unpatched.

The Sentinel tool is used by many organizations on their enterprise and ICS networks for software licensing and protection.

The vulnerabilities include denial of service (DoS) attacks, arbitrary code execution with system privileges, and capturing NTLM hashes, Security Week reports.

Also, Kaspersky researchers discovered that port 1947 also remains open to remote access after a SafeNet Sentinel USB dongle is used to connect to a PC/server in order to activate a product. The USB device installs the necessary Windows/third party drivers and port 1947 is then added to the Windows firewall, which remains open even after the device is disconnected. 

The Gemalto software is used in vendor products from companies such as ABB, General Electric, HP, Cadac Group, Siemens and Zemax. 

Eleven of the 14 vulnerabilities were discovered in late 2016 and early 2017 and fixes were first made available in June of 2017.

Another three were found in June of 2017. Gemalto has since issued a fix with version 7.6, but some Kaspersky security experts have criticized the way the company had communicated the vulnerabilities and fixes to customers and the risks exposed by these vulnerabilities. 

The primary concern is many software developers and affected products may not have applied the necessary fixes. 

Leave a Reply

Your email address will not be published. Required fields are marked *