Zero-Day Advisory
Fortinet Discovers InHand Networks InConnect Service Broken Access Control Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a Broken Access Control vulnerability in the InHand Networks InConnect service (ics.inhandnetworks.com).
InConnect is a simple "plug & play" service that builds secure remote networks for machines (IPCs, servers, IP cameras, PLCs, HMIs, RTUs, controllers, etc.). Featuring user-friendly interfaces and simple operation, the SaaS (Software as a Service) based solution enables access to devices anytime from anywhere and lets users stay connected with the business and with the world.
InHand Networks is a global leader in Industrial IoT with a product portfolio including industrial M2M routers, gateways, industrial Ethernet switches, industrial computers and IoT management platforms. It provides complete IoT solutions for various vertical markets including Smart Grid, Industrial Automation, Remote Machine Monitoring, Smart Vending, Smart City, Retail and more.
A Broken Access Control vulnerability has been discovered in the InHand Networks InConnect service. It is caused by inadequate filtering of user inputs.
Solutions
InHand Networks has fixed the issue.
Timeline
Fortinet reported the vulnerability to InHand Networks on October 27, 2022.
InHand Networks confirmed the vulnerability on November 15, 2022.
InHand Networks patched the vulnerability on March 14, 2023.