Posts Tagged ‘SCADA’

Exploitation of vulnerabilities in computer systems always carries the risk of negative effects, such as loss of availability, productivity, data or other compromise, and can even result in identity theft and financial loss. However, unlike classic computer crime and exploitation, where data is remotely stolen or manipulated, attacks on industrial control systems (ICS) can, in rare circumstances, have potentially devastating physical-world implications such as loss of life and environmental impact.

A number of vulnerabilities have been discovered by NSS researchers and validated on the Siemens Simatic S7-1200 PLC. Other Siemens device models have yet to be tested. There is the possibility that PLCs from other vendors are similarly affected. Currently, these vulnerabilities could enable an attacker to control an affected S7-1200 PLC.

In the course of the NSS Labs research, significant vulnerabilities in industrial control systems have been identified, responsibly disclosed and validated by the affected parties. Due to the serious impact these issues could have on industrial systems worldwide, further details will be withheld until effective remediation measures have been released by the affected vendor(s) and validated by NSS researchers.

The vulnerabilities discovered, if exploited by an attacker, would enable the attacker to gain full control of the system and perform actions such as:

  • Start and stop the CPU
  • Arbitrarily control devices connected to the PLC
  • Arbitrarily reprogram the PLC and read and write memory contents
  • Cause arbitrary (false) data to be returned to logging and management stations
  • Hijack control of the PLC from an administrator
  • Bypass security controls

“The most effective remediation will be based upon accepted best practices and specific knowledge of the operating environment. Given the implications of the problem, a true air-gap separation between ICS and internet-connected corporate networks should be enforced wherever possible. In many cases, the operator may not be fully aware of the connectivity an attacker may be able to gain. An exposure assessment is recommended in such cases,” the report suggests.

Against a backdrop of global threats such as Operation Aurora, Stuxnet and Night Dragon, enterprises need a way to protect their critical systems. To mitigate the risk that Advanced Persistent Threats (APTs) pose to SCADA systems, Siemens-Division Industry Automation has teamed up with McAfee, using the McAfee Application Control solution to defend against such attacks.

“McAfee is pleased to partner with Siemens-Division Industry Automation to extend its whitelisting solution to help secure the world’s critical infrastructures,” said Stuart McClure, senior vice president and general manager of Risk and Compliance, McAfee. “By implementing McAfee Application Control, Siemens-Division Industry Automation customers can begin to gain control of all software on their endpoints and servers directly from the McAfee ePolicy Orchestrator platform. McAfee Application Control maintains the integrity of endpoints and servers, giving enterprises the foundational layer of security that is needed to prevent disruptive software, advanced persistent threats and zero-day malware attacks.”

Unlike simple whitelisting, McAfee Application Control uses a dynamic trust model, which eliminates the need for tedious manual updates to approved lists. As enterprises face an avalanche of unknown software from the web and from unauthorized physical access, this centrally managed solution adds a timely control to our joint customer security strategy, attuned to the operational needs of enterprises.

“A solid security solution touches three domains: people, process and technology,” said Tino Hildebrand, Head of Marketing and Promotion Simatic HMI, Siemens-Division Industry Automation. “McAfee Application Control for Siemens-Division Industry Automation is a significant step towards increased security at the product layer.”

“At the start of a project you have to design security into the solution, you have to raise awareness of all people responsible for the project and later operating the site. In addition, you have to take care of standard operation procedures to cover all relevant aspects. The security architecture has to be built with several layers of defense. McAfee Application Control for Siemens-Division Industry Automation is the cornerstone of this security concept,” he continued.