NSS labs discovers vulnerabilities in Siemens industrial control systems

Posted: May 26, 2011 in News

Exploitation of vulnerabilities in computer systems can always have negative effects, such as loss of availability, productivity, data or other compromise, and even result in identity theft and financial loss. However, unlike classic computer crime and exploitation, where data is remotely stolen or manipulated, attacks on industrial control systems (ICS) can, in rare circumstances, have potentially devastating physical world implications such as loss of life and environmental impact.

A number of vulnerabilities have been discovered by NSS researchers and validated on the Siemens Simatic S7-1200 PLC. Other Siemens device models have yet to be tested. There is the possibility that PLCs from other vendors are similarly affected. Currently, these vulnerabilities could enable an attacker to control an affected S7-1200 PLC.

In the course of the NSS labs research, significant vulnerabilities in industrial control systems have been identified, responsibly disclosed and validated by the affected parties. Due to the serious impact these issues could have on industrial systems worldwide, further details will be withheld until effective remediation measures have been released by the affected vendor(s) and validated by NSS researchers.

The vulnerabilities discovered, if exploited by an attacker, would enable the attacker to gain full control of the system and perform actions such as:

  • Start and stop the CPU
  • Arbitrarily control devices connected to the PLC
  • Arbitrarily reprogram the PLC and read and write memory contents
  • Cause arbitrary (false) data to be returned to logging and management stations
  • Hijack control of the PLC from an administrator
  • Bypass security controls

“The most effective remediation will be based upon accepted best practices and specific knowledge of the operating environment. Given the implications of the problem, a true air-gap separation between ICS and internet-connected corporate networks should be enforced wherever possible. In many cases, the operator may not be fully aware of the connectivity an attacker may be able to gain. An exposure assessment is recommended in such cases,” the report suggests.
