SCADA System Critically and Fully Controlled by Hackers

Over 60,000 exposed control systems found online. Researchers have found weaknesses in industrial control systems that they say give attackers complete control of systems running energy, chemical and transport infrastructure.

The vulnerabilities were discovered by Russian researchers who spent the last year probing popular and high-end ICS and Supervisory Control And Data Acquisition (SCADA) systems, which are used to run everything from home solar panel installations to critical national infrastructure.

Positive Research chief technology officer Sergey Gordeychik and consultant Gleb Gritsai detailed vulnerabilities in Siemens WinCC software, which is used in industrial control systems including Iran's Natanz nuclear plant, the target of the US Stuxnet program.

Gordeychik said, "We do not have big experience in the nuclear industry, but for energy, oil and gas, chemical and transport, we showed owners how to get full control of industrial infrastructure with all the attendant risks." The vulnerabilities lay in the way passwords were encrypted and stored in the software's project database, and let attackers gain complete access to Programmable Logic Controllers (PLCs) using attacks described as dangerous and easy to launch.

A vulnerability was also found in the cloud SCADA platform Daq Connect that allowed attackers running a demonstration kiosk to access other customers' installations. The vendor simply told the researchers who reported the flaw 'not to do' the attacks.

The researchers published an updated version of a password-cracking tool that targeted the vulnerability in Siemens PLC S-300 devices as part of the SCADA Strangelove project at the Chaos Communications Conference in Berlin.

They also published a cheat sheet to help researchers identify nearly 600 ICS, PLC and SCADA systems.

SCADA Strangelove had identified more than 150 zero-day vulnerabilities of varying severity affecting ICSes, PLCs and SCADA systems. Of those, 31 percent were the much less serious cross-site scripting vulnerabilities and five percent were dangerous remote code execution holes.

The latter were particularly dangerous because most of the affected systems lacked defenses such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP), which are designed to make exploitation more difficult.
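As an added example (not from the article or the researchers), the following Python script shows how a defender can audit a firmware or application binary for the two mitigations mentioned above: it parses the ELF64 header for position-independent code (a prerequisite for ASLR) and the PT_GNU_STACK program header for a non-executable stack (NX/DEP). The sample images it checks are constructed inline and are not real ICS binaries.

```python
import struct

ET_EXEC, ET_DYN = 2, 3          # e_type values: fixed-address vs. position-independent
PT_GNU_STACK = 0x6474E551       # program header describing stack permissions
PF_X = 0x1                      # executable flag in p_flags


def build_elf64(e_type, gnu_stack_flags=None):
    """Construct a minimal, non-runnable ELF64 little-endian image (sample only).

    Emits just the ELF header plus, when gnu_stack_flags is given, a single
    PT_GNU_STACK program header; that is all audit_mitigations() needs.
    """
    phdrs = b""
    if gnu_stack_flags is not None:
        phdrs = struct.pack("<IIQQQQQQ", PT_GNU_STACK, gnu_stack_flags,
                            0, 0, 0, 0, 0, 16)
    phnum = 1 if phdrs else 0
    # e_ident: magic, ELFCLASS64, ELFDATA2LSB, EV_CURRENT, then padding
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    # e_type, e_machine (x86-64), e_version, e_entry, e_phoff (=64), e_shoff,
    # e_flags, e_ehsize, e_phentsize (=56), e_phnum, e_shentsize, e_shnum, e_shstrndx
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0x1000,
                               64, 0, 0, 64, 56, phnum, 64, 0, 0)
    return ehdr + phdrs


def audit_mitigations(data):
    """Return {'pie': bool, 'nx': bool} for an ELF64 little-endian image.

    pie: e_type is ET_DYN (note: shared libraries are ET_DYN too, so combine
         this with knowledge of what the file is).
    nx:  a PT_GNU_STACK header exists and does not carry PF_X. A missing
         PT_GNU_STACK is reported as no NX, matching how checksec-style tools
         treat it, since old loaders then default to an executable stack.
    """
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum,
     _, _, _) = struct.unpack_from("<HHIQQQIHHHHHH", data, 16)
    nx = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {"pie": e_type == ET_DYN, "nx": nx}


if __name__ == "__main__":
    print("legacy:  ", audit_mitigations(build_elf64(ET_EXEC, PF_X | 6)))
    print("hardened:", audit_mitigations(build_elf64(ET_DYN, 6)))
```

Run it against a real firmware extract by replacing the constructed images with `open(path, "rb").read()`; the same checks apply to any ELF64 user-space binary.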

However, it was not just industrial systems that were affected; the researchers found some 60,000 ICS devices, many of them home systems, exposed to the public Internet and at risk of attack.

The most prevalent vendors were Tridium, NRG Systems and Lantronix, while the most common devices found by crawling search engines were the Windcube solar smartgrid system, the IPC CHIP embedded device, and the Lantronix SLS video capture platform.

The researchers reported the exposed devices to various computer emergency response teams and watchdog groups, including the European infosec agency ENISA.

The findings follow the discovery of separate serious vulnerabilities in Siemens industrial Ethernet switches that allowed attackers to run administrative tasks and hijack web sessions.

Siemens circulated patches overnight to address the flaws in its SCALANCE X-200 switches that were quietly reported by researchers at security firm IOActive.

The defects stemmed from a lack of entropy in the random number generators used by the switches.

Researcher Eireann Leverett praised Siemens for its rapid response to fix the flaws.