Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)
A.
Cross-site scripting B.
Data exfiltration C.
Poor system logging D.
Weak encryption E.
SQL injection F.
Server-side request forgery.
DF.
Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)
A.
Cross-site scripting
B.
Data exfiltration
C.
Poor system logging
D.
Weak encryption
E.
SQL injection
F.
Server-side request forgery.
DF.
The two options that are most likely to adversely impact the operations of unpatched traditional programmable-logic controllers running a back-end LAMP server and OT systems with human-management interfaces accessible over the Internet via a web interface are Cross-site scripting and Server-side request forgery.
Cross-site scripting (XSS) is a type of attack that occurs when an attacker injects malicious code into a web page viewed by other users. If the programmable-logic controllers, LAMP server, and OT systems have a vulnerability that can be exploited by an attacker using XSS, the attacker could take control of the web page and steal sensitive information or launch further attacks.
Server-side request forgery (SSRF) is an attack in which an attacker sends a request to a server from a compromised server or client. The request is made to look like it came from an authorized source, but it is actually being sent by the attacker. If the LAMP server or other components of the system are vulnerable to SSRF, an attacker could use it to access resources on the server or network that they are not authorized to access.
Data exfiltration, poor system logging, weak encryption, and SQL injection could also be security concerns for the system, but they are less likely to have an immediate and direct impact on the operation of the programmable-logic controllers and OT systems.