Cybersecurity researcher Jose Bertin has identified critical vulnerabilities in building controllers made by “Tekon-Automatika”, a company that specializes in equipment and software for elevators and other building systems.
Shodan search results show more than 100 of these engineering-equipment controllers reachable from the internet. 117 of the devices are located in Russia and 3 in Ukraine.
The problems stem from the use of default credentials, which provide administrator access to the controller's user interface. From there, the researcher found a way to execute code with superuser privileges through the function for adding plugins.
Plugins are Lua scripts that can be added in a dedicated section of the user interface. Users can download the plugin file, click the “Save/Download” button, and execute it.
The researcher created proof-of-concept (PoC) code to exploit the vulnerability, which allowed him to gain superuser privileges and seize control of the target device. With that level of access, an attacker can perform various dangerous actions, for example, turning off the device or introducing a backdoor.