Researchers found that Diebold’s Opteva ATMs were using a publicly exposed OS by the name of “Spiservice.” They then discovered that the service pointed to a DLL named “MSXFS.dll,” which is used for ATMs. Tests were run on one of Diebold’s ATMs that was operating with Agilis XFS on Opteva version 22.214.171.124. When the service was reached through a web browser, a library named “VDMXFS.dll” was called. The result displayed a remote configuration parameter that could allow a complete takeover of the Opteva ATMs if reverse-shell payloads were deployed. The researchers demonstrated successful exploitation in their blog.

A security alert released by Diebold stated, “While all Opteva systems come equipped with a terminal-based firewall installed, from the information we have, the terminal-based firewall of the system was most likely not active during the evaluation. We have not received any reports of this potential exposure being exploited outside of a test environment.” Diebold is attempting to notify all customers that may operate Opteva ATMs and is advising operators to update to version 4.1.22.