According to foreign media reports, Oracle's point-of-sale (POS) system has a high-risk security vulnerability that lets hackers, once they have broken in, download a company's entire business data.
Oracle released an update for the issue earlier this month, but it can take months for the patch to reach affected POS systems. This is because POS systems are business-critical, and system administrators rarely schedule maintenance and update operations for them, worrying that an unstable patch could cause the company further downtime and financial losses.
The vulnerability, discovered by Dmitry Chastuhin, a security researcher at ERPScan, allows attackers to read and access POS system data without authentication.
Chastuhin said the vulnerability allows an attacker to collect configuration files from Micros POS systems, obtain user names and passwords, and then use the data obtained to gain full and legitimate access to POS systems and additional services (databases and servers).
It is estimated that the severity of the vulnerability is 8.1 points (out of 10).
In the most common case, attackers will most likely install POS malware to collect payment card details, but they may also install other types of malware for corporate espionage and proxy endpoints for future attacks.
The researchers said the vulnerability could be exploited by people who have had the opportunity to access vulnerable POS terminals, such as company employees. In addition, attackers who are not sure whether a device can be exploited can find vulnerable devices by scanning the network. If the devices and machines around the store are connected via Ethernet, the attack becomes easy.
Oracle said more than 300,000 companies have currently opted to deploy Micros POS systems to handle credit/debit card payments.
A fix for this vulnerability was provided in the January 2018 Oracle Critical Patch Update (CPU).
In 2014, Oracle acquired MICROS Systems, Inc. for $5.3 billion, and at the time of the acquisition, more than 330,000 restaurants, stores and hotels in 180 countries were using MICROS services. Currently, Oracle is the third-largest supplier of POS software on the market.