Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) has identified multiple vulnerabilities in the Saperion Web Client, a web application developed by Kofax. Vulnerabilities of the following types have been identified:
The vulnerable product is widely used to manage electronic workflow in businesses and government agencies in various sectors, including large and small automation systems (ICS), financial organizations, banking, telecommunications, etc. The vulnerable product may be available from the Internet.
The vulnerable application – Saperion web client – opens port 443/tcp for the electronic workflow system’s web service. A remote attacker can read arbitrary files in the file system and subsequently execute arbitrary code in the system remotely.
Kaspersky Lab ICS CERT reported the vulnerability to the vendor, but the latter declined to release patches for the vulnerabilities identified, arguing that these vulnerabilities are not exploited in later versions of the software.
To reduce the risk of the vulnerabilities being exploited, Kaspersky Lab ICS CERT recommends using an intrusion detection system and dedicated systems designed to protect the network perimeter on industrial networks, as well as implementing tools that protect web servers and applications (web application firewall), restricting access to the vulnerable web application from the Internet and from networks adjacent to the ICS network.