Rapid Response Monitoring My Security Account App
Monitor | CVSS 7.5 | ICS-CERT ICSA-25-051-05 | Feb 20, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The My Security Account App API contains an access control flaw (CWE-639) that could allow an attacker to access sensitive information belonging to other users. The vulnerability affects versions released before July 29, 2024. Successful exploitation requires only network access and no authentication.
What this means
What could happen
An attacker could read sensitive account information of other users in the security monitoring system, potentially exposing operational data, credentials, or control system configuration details stored in the application.
Who's at risk
Any organization using the My Security Account App API for monitoring or managing security accounts in industrial or utility environments should be concerned. This affects IT personnel who rely on the app to manage access to control systems, HMIs, or engineering workstations.
How it could be exploited
An attacker on the network sends API requests to the My Security Account App without valid credentials, manipulating parameters to access data belonging to other user accounts. This is a direct network-based attack requiring no authentication.
Prerequisites
- Network access to the My Security Account App API endpoint
- No authentication credentials required
remotely exploitable, no authentication required, low complexity, vendor reports patched server-side
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product: My Security Account App API
Affected Versions: <7/29/24
Fix Status: No fix yet
Remediation & Mitigation
Do now
- HOTFIX: Verify with Rapid Response Monitoring that the vulnerability has been patched on their hosted service by requesting confirmation of patch deployment date
- WORKAROUND: Restrict network access to the My Security Account App API to authorized IP addresses or networks using firewall rules
- HARDENING: Audit access logs for the My Security Account App API to detect any unauthorized access to other users' accounts
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Require VPN access for all connections to the My Security Account App API from remote locations
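One way to carry out the "Audit access logs" step above, as an added example that is not code from the advisory or from Rapid Response Monitoring. The log line format, the `/accounts/<id>` path layout, the `OWNERS` mapping and the enumeration threshold are all assumptions; adapt them to whatever the API gateway or proxy in front of the service actually records.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical format:
# <timestamp> <client_ip> <auth_user or -> <method> <path> <status>
SAMPLE_LOG = """\
2024-07-01T10:00:01Z 203.0.113.10 alice GET /accounts/1001/profile 200
2024-07-01T10:00:05Z 203.0.113.10 alice GET /accounts/1001/contacts 200
2024-07-01T10:01:12Z 198.51.100.7 - GET /accounts/1001/profile 200
2024-07-01T10:01:13Z 198.51.100.7 - GET /accounts/1002/profile 200
2024-07-01T10:01:14Z 198.51.100.7 - GET /accounts/1003/profile 200
2024-07-01T10:01:15Z 198.51.100.7 - GET /accounts/1004/profile 401
2024-07-01T10:02:30Z 203.0.113.44 bob GET /accounts/1001/profile 200
2024-07-01T10:02:31Z 203.0.113.44 bob GET /accounts/1002/profile 200
"""

# Assumed export of which account each user legitimately owns.
OWNERS = {"alice": "1001", "bob": "1002"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<method>[A-Z]+) "
    r"/accounts/(?P<acct>\d+)\S* (?P<status>\d{3})$"
)

def audit(log_text, owners, enum_threshold=3):
    """Return (findings, enumerating_ips) for successful account reads."""
    findings = []
    seen = defaultdict(set)  # client IP -> distinct account ids read
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["status"].startswith("2"):
            continue  # unparsed lines and denied requests exposed no data
        seen[m["ip"]].add(m["acct"])
        if m["user"] == "-":
            findings.append((m["ts"], m["ip"], m["acct"], "unauthenticated"))
        elif owners.get(m["user"]) != m["acct"]:
            findings.append((m["ts"], m["ip"], m["acct"], "cross-account"))
    enumerating = sorted(ip for ip, a in seen.items() if len(a) >= enum_threshold)
    return findings, enumerating

if __name__ == "__main__":
    hits, ips = audit(SAMPLE_LOG, OWNERS)
    for hit in hits:
        print(*hit)
    print("clients reading many accounts:", ips)
```

Findings dated before the vendor's confirmed patch deployment date are the ones to raise with Rapid Response Monitoring.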
CVEs (1)