Security researchers who have analyzed popular remote access solutions for industrial control systems (ICS) found multiple vulnerabilities that could allow unauthenticated attackers to execute arbitrary code and breach the environment.
The flaws are in virtual private network (VPN) implementations, and adversaries could exploit them to connect to field devices and programmable logic controllers (PLCs) and cause physical damage.
Vulnerability researchers say that the impacted VPNs are widely used in the oil, gas, utilities and automation sectors, and that exploitation could result in attackers gaining access to field devices and, therefore, potentially causing physical damage.
The weakness is related to the proprietary customization of the VPN client adopted by these vendors.
Customers that are using these vulnerable ICS solutions now have to install patches for all software involved.
But before they do that, there are several questions that must be answered by the engineers in charge of adopting ICS solutions.
How do we patch the software?
How long will it take to patch all our installations?
What if the hackers have already gained access to some of our machines?
How many man-hours will be required to secure our machine fleet?
Did we lose our good reputation with our customers?
The good news is only for those who have adopted the IO Industry remote access solution. IO Industry uses EZ VPN™ technology and infrastructure, which adopts OpenVPN as the end-to-end VPN technology. This difficult-to-implement technology strategy implemented by EZ VPN™ developers is now paying off. Since the very beginning, EZ VPN™ identified the development of a proprietary VPN client as a potential security threat.
Proprietary/closed VPN implementations are subject to zero-day vulnerabilities, discovered and used by hackers to get access to remote systems.
OpenVPN is an open source technology and one of the major VPN implementations, so the presence of zero-day vulnerabilities is virtually impossible.
There are many reasons why using OpenVPN as the end-to-end VPN technology is crucial from the security point of view.
OpenVPN was built with the purpose of creating secure END-TO-END communication.
We are 100% compliant with OpenVPN. You can use any client, as long as it is 100% compliant with OpenVPN.
OpenVPN clients are available for desktop, server and mobile platforms.
OpenVPN is developed and checked by a community of millions of users who are continuously reviewing and improving the open source code of this technology.
OpenVPN uses an industrial-rated security model designed to protect against both passive and active attacks.
At IO Industry, security is our top priority. We know how important that is for our customers. All of our customers depend on EZ VPN™ remote access technology and we cannot afford, in any way, to compromise the security and the safety of their machines and installations. At EZ VPN™, we have a dedicated team of people who are committed to making sure our platform is as secure as possible.