A researcher from industrial cybersecurity firm TXOne Networks has discovered several vulnerabilities in Taiwan-based Weintek’s cloud-based product, Weincloud, designed for managing human-machine interfaces (HMIs) and operations remotely. The security flaws could have been exploited to manipulate and damage industrial control systems (ICS) used in critical manufacturing sectors globally.The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently published an advisory to inform organizations about these vulnerabilities and their potential impact on the critical manufacturing sector. Fortunately, Weintek has already patched the vulnerabilities with an account API update, and no further action is required from users.The identified vulnerabilities include four types of security holes, three of which have been classified as ‘high severity.’ One of these flaws could have allowed attackers to reset an account’s password using the corresponding JWT token. Another issue could have been leveraged to log in with testing credentials to the official website by abusing the registration functionality. The third high-severity flaw had the potential to cause a denial-of-service (DoS) condition. Additionally, there was a ‘medium severity’ vulnerability that could have been exploited for brute-force attacks.The TXOne researcher, Hank Chen, stated that under specific but commonly found circumstances, an attacker could have exploited these vulnerabilities to take complete control of Weincloud instances. Given that Weincloud is a cloud-based product, remote exploitation from the internet was possible.The severity of these vulnerabilities becomes apparent when considering their potential impact on ICS. Attackers gaining control of HMIs could manipulate them to control programmable logic controllers (PLCs) and damage field devices. Chen emphasized that these vulnerabilities are not exclusive to Weintek products, as TXOne researchers have identified other cloud-based ICS products that are susceptible to similar attacks.The discovery of these vulnerabilities underscores the growing trend of ICS solutions and applications migrating to the cloud, which introduces diverse security concerns. As more critical infrastructure moves to cloud-based platforms, the need for robust cybersecurity measures becomes paramount to safeguard against potential threats.TXOne plans to present its research on these vulnerabilities at the ICS Village at DEF CON 31, raising awareness of the risks associated with cloud-based ICS products. It is essential for organizations in critical manufacturing and other industries to remain vigilant, prioritize security measures, and stay updated on potential vulnerabilities to protect their critical systems from exploitation.The incident serves as a reminder that as technology evolves, so do cyber threats, and organizations must stay proactive in their defense strategies to counter these evolving risks effectively. Cybersecurity should remain a top priority for any entity that relies on industrial control systems to ensure the resilience and integrity of their operations.