There are stack buffer overflows in two components of a Honeywell point-of-sale software package that can allow attackers to run arbitrary code on vulnerable systems.
The vulnerabilities lie in the HWOPOSScale.ocx and HWOPOSSCANNER.ocx components of Honeywell’s OLE for Retail Point-of-Sale package, which is designed to help integrate PoS hardware with Windows PoS systems. Versions of the Honeywell software prior to 126.96.36.199 are vulnerable to this flaw and the vendor has released a patch to address the problem.
“The Honeywell OPOS Suite provides a standard programming interface that allows POS hardware to be easily integrated into retail POS systems based on Microsoft Windows operating systems. Honeywell OPOS Suite versions prior to version 188.8.131.52 are vulnerable to stack buffer overflows in HWOPOSScale.ocx and HWOPOSSCANNER.ocx,” the Honeywell advisory says.
“In both HWOPOSScale.ocx and HWOPOSSCANNER.ocx, the controls do not check the length of an attacker-supplied string to the Open method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process.”
Point-of-sale systems have been a frequent target for attackers in recent years, as they often are not as well-protected as other parts of a given network. In many cases, PoS devices have little or no security on them, something that attackers know, and when they’re able to get malware onto a PoS system, they know they can quickly gather a large volume of payment card data. PoS compromises have been at the heart of many major breaches, including the Home Depot breach, the attack on Target in 2013 and several others.
There are families of malware specifically designed to take advantage of weaknesses in PoS systems, with Backoff being the most notorious of this genre. Attackers often compromise another portion of a target network, sometimes using stolen or weak credentials, and then move from there to the PoS system to accomplish their goal.