SAP vulnerability that may get you Macbook at $1

A vulnerability in the SAP PSXpress Server has been discovered by security researchers from ERPScan, the vulnerability allows an attacker to control SAP POS server and alter configuration files for SAP Point-of-sales systems, this allows an attacker to collect payment card data, alter prices of products and send those data to one of their servers.

SAP POS system follows client-server architecture that retailers use for their online selling of products. The SAP POS solution can be installed by the retailers at their shops. SAP POS system consists of various POS Clients and a server that is usually stored in the backend in the store. Through the POS client, the client connects to the server on every payment initiation, through the server connection it gets all the details regarding the price of the product and payment methods and then forwards the payment card information to the concerned bank.According to the ERPScan, almost 80% of the retailers in the Fortune 2000 uses SAP's POS Solution.

The vulnerability was discovered by ERPScan and was reported to SAP in April 2017, and it has been fixed in SAP Security Note 2476601 and SAP Security Note 2520064.

According to the security researchers, SAP POS servers do not perform any authentication, when a request is made to the server, this means that anyone can alter the configuration files present on the server that is responsible for the price regulation and payment methods. An attacker can install sniffers to collect payment and card data. If the POS server is connected to the internet, the attack can be easily carried out from the remote location. If the POS system's network does not have the internet, then the attacker needs to be present in the store and can connect the special device that runs malicious code, this kind of Rasberry Pi board device costs around $25.

According to the researchers, finding open ports in SAP POS Xpress the server is easy, as the malicious code runs, a configuration file with altered price is uploaded on the server and POS server is made to restart, this attack usually takes second to carry out.

The vulnerability can have serious financial losses. For the demonstration of the vulnerability, researchers altered the price of expensive MacBook Pro to $1.While it is unlikely in the real life
a scenario that hackers will reduce the prices so drastically as it will expose their plan, but they might use this vulnerability in intelligent a way by reducing prices by 20% or 50% so to get away with the
suspicion.

Experts suggest installing SAP security patches to avoid the security threat.

A SAP spokesperson told Bleeping Computer via email that "We strongly advise our customers to secure their SAP landscape by applying the available security patches from the SAP Support Portal immediately," he added "All vulnerabilities in question in SAP Point of Sale (POS) Retail Xpress Server have been fixed, and security patches are available for download on the SAP Support Portal."

The company further added "SAP Product Security Response Team collaborates frequently with research companies like ERPScan to ensure a responsible disclosure of vulnerabilities,"
Category:

Share this with Your friends: