Industrial Control Systems Vulnerable

Uploaded on 2016-01-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing, BUSINESS-Production-Energy

The ICS-CERT has outlined an SSH key issue in industrial control systems that are often used to power utilities and critical infrastructure networks. But, the initial vulnerability is only the tip of the iceberg, with Shellshock, Heartbleed and other flaws also in full effect.

According to ICS-CERT, Advantech EKI series products, which are Modbus gateways used to connect serial devices to TCP/IP networks, are vulnerable to attackers looking to intercept communications to and from the devices. The attack can be done remotely.

Advantech has released firmware version 1322_D1.98 in response to the ICS-CERT advisory, but it turns out that the fix is deeply flawed.

Rapid7 discovered the flaws during a firmware analysis specific to the EKI-1322 GPRS IP gateway device, but “given the scope of ICSA-15-309-01, it is presumed these issues are present on other EKI products,” the firm said.

Rapid7 uncovered three issues, including the fact that the product includes the bash shell, version 2.05, which is vulnerable to the Shellshock vulnerability. The product also includes OpenSSL version 1.0.0e, which is vulnerable to the Heartbleed vulnerability as well as a number of other issues. And, the DHCP client is version 1.3.20-pl0, which appears to be vulnerable to a number of known issues, including CVE-2012-2152.

All three problems require an update from the vendor in order to update the shipping software to versions patched against the named issues. End users of these devices are advised to ensure that these devices are not reachable by untrusted networks such as the Internet. Unfortunately, these issues are not newly discovered vulnerabilities, but rather known vulnerabilities that are shipping on production industrial control systems today.

ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls, and isolate them from the business network.

When remote access is required, use secure methods, such as VPNs, recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices that use them.
Infosecurity: http://bit.ly/1SsaTGP

« Common Cyber Threats You Need To Be Aware Of (£)
Criminals Identify Deceased ID as Easy Target »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

KirCCS harnesses expertise across Kent University to address current and potential cyber security challenges.

Armadillo Sec

Armadillo Sec

Armadillo provide penetration testing and vulnerability assessment services.

Akheros

Akheros

Akheros develops cybersecurity learning algorithms which anticipate, detect and prevent offensive and incongruous behaviors of M2M interactions.

STM

STM

STM provides system engineering, technical support, project management, technology transfer and logistics support services for the Turkish Armed Forces.

Redborder

Redborder

Redborder is an Open Source network visibility, data analytics, and cybersecurity Big Data solution that is scalable up to the needs of enterprise networks and service providers.

TROOPERS

TROOPERS

TROOPERS InfoSec event consists of two days of high-end training, followed by a two-day, three-track conference, culminating in Roundtables on the final day.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

AccountabilIT

AccountabilIT

AccountabilIT is a full spectrum information technology services firm for enterprises with complex information technology needs seeking relief from those challenges.

Web3fied

Web3fied

Web3fied is a seed stage company building the future of decentralized digital identity and credentials management.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

Schellman

Schellman

Schellman is a leading provider of attestation and compliance services.

ASRC Federal

ASRC Federal

ASRC Federal’s mission is to help federal civilian, intelligence and defense agencies achieve successful outcomes and elevate their mission performance.

OneStep Group

OneStep Group

OneStep Group are a leading Australian provider of information and communications technology (ICT) services, connecting businesses through technology solutions and support.

Digital Encode

Digital Encode

Digital Encode is a leading consulting and integration firm that specializes in the design, management, and security of business-critical networks, telecommunications, and IT infrastructures.

Dialog Enterprise

Dialog Enterprise

Dialog Enterprise is the corporate ICT solutions arm of Dialog Axiata, Sri Lanka’s leading connectivity provider.

Motive Managed Services

Motive Managed Services

Motive Managed Services take the complexity out of IT, Cybersecurity, and Network Operations, so you can focus on growing your business.

Concentrix

Concentrix

Concentrix - the intelligent transformation partner. We help the world’s leading organisations to modernise technology, transform experiences, and solve their toughest business challenges.

Stingrai Inc.

Stingrai Inc.

Stingrai helps companies prevent breaches by simulating real-world attacks through penetration testing.