OTPulse

Fox DataDiode Proxy Server CSRF Vulnerability

Low Risk | ICS-CERT ICSA-14-269-02 | Jun 29, 2014
Summary

The Fox DataDiode Proxy Server is vulnerable to cross-site request forgery (CSRF) attacks, which could allow an attacker to perform unauthorized actions on the appliance if a user visits a malicious webpage while authenticated to the device's web interface.

What this means
What could happen
An attacker could trick an authenticated administrator into performing unintended actions on the DataDiode appliance, such as changing configuration settings, disabling security features, or modifying network rules that control data flow between network zones.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators running Fox DataDiode Appliances version 1.7.1 or earlier for network segmentation and one-way data transfer between operational technology and IT networks should be aware of this vulnerability affecting the management interface.
How it could be exploited
An attacker creates a malicious webpage containing forged requests to the DataDiode web interface. When an authenticated administrator visits the page, the browser automatically sends the forged request with the administrator's session credentials, allowing the attacker to execute actions without the administrator's knowledge.
Prerequisites
  • Administrator or privileged user must be logged into the DataDiode web interface
  • The authenticated user must visit a webpage controlled by the attacker
  • Web browser must allow cross-site requests (default behavior)

Key points
  • CSRF attack vector requires user interaction
  • Affects the management interface of a network security appliance
  • No patch available - product is unsupported
  • Low exploit probability but impacts system configuration
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Fox DataDiode Appliance | 1.7.1 and below | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Use a web application firewall or reverse proxy to filter CSRF attacks targeting the DataDiode interface
Mitigations - no patch available
Fox DataDiode Appliance 1.7.1 and below has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to restrict access to the DataDiode management interface; allow only trusted administrative workstations to reach the web interface
HARDENING: Educate administrators to avoid visiting untrusted websites while logged into the DataDiode appliance
HARDENING: Monitor for unexpected configuration changes to the DataDiode appliance and review admin logs regularly
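The workaround above relies on a WAF or reverse proxy in front of the appliance because the device itself will never be patched. As an added example (not part of the advisory or of the vendor's product), the Python below shows the provenance check such a proxy can apply to state-changing requests: the management hostname, header values and sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Origin of the appliance's own management UI (constructed example value);
# state-changing requests must come from here.
ALLOWED_ORIGINS = {"https://datadiode-mgmt.example.internal"}

# Methods that do not change appliance state and need no origin check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _origin_of(url: str) -> str:
    """Reduce an Origin or Referer value to scheme://host[:port], lowercased."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def is_cross_site_forgery(method: str, headers: dict) -> bool:
    """Return True when a request should be blocked as a likely CSRF attempt.

    A forged form post launched from another site carries that site as Origin
    (or Referer), and modern browsers also send Sec-Fetch-Site: cross-site.
    A request with no provenance header at all is rejected too (fail closed):
    administrators' browsers send Origin or Referer on form posts to the UI.
    """
    if method.upper() in SAFE_METHODS:
        return False
    h = {k.lower(): v for k, v in headers.items()}   # case-insensitive lookup
    fetch_site = h.get("sec-fetch-site", "").lower()
    if fetch_site in ("same-origin", "none"):
        return False   # browser vouches the request is same-origin or user-typed
    if fetch_site == "cross-site":
        return True
    source = h.get("origin") or h.get("referer")
    if not source:
        return True    # no Origin, no Referer, no fetch metadata: fail closed
    return _origin_of(source) not in ALLOWED_ORIGINS   # "null" origin fails too


# Constructed sample requests: a configuration change submitted from the
# management UI, and the same request forged by a page on another site.
LEGIT = ("POST", {"Origin": "https://datadiode-mgmt.example.internal",
                  "Sec-Fetch-Site": "same-origin", "Cookie": "session=abc"})
FORGED = ("POST", {"Origin": "https://third-party.example",
                   "Sec-Fetch-Site": "cross-site", "Cookie": "session=abc"})

if __name__ == "__main__":
    for name, (method, hdrs) in (("legit", LEGIT), ("forged", FORGED)):
        verdict = "blocked" if is_cross_site_forgery(method, hdrs) else "allowed"
        print(f"{name}: {verdict}")
```

Non-browser clients (monitoring scripts, automation) that post without an Origin header would also be blocked by this fail-closed rule, so give them a separate allow rule at the proxy if they exist.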