Showing posts with label vulnerability. Show all posts

Thursday, August 8, 2019

Crucial Vulnerabilities Exist in the VxWorks IPnet Stack

According to Security Week (reported the other day):

"In late July, IoT security firm Armis disclosed eleven vulnerabilities found by its researchers in the VxWorks real time operating system (RTOS). The flaws, six of which have been described as critical, can allow a remote attacker to take control of impacted systems.
Armis said the vulnerabilities exist in the VxWorks IPnet stack and they expose over 200 million mission-critical devices from around the world to attacks, including in the healthcare, manufacturing, cybersecurity, tech, and industrial automation sectors. ..."

Devices from several vendors might be impacted ...

Click HERE for the full report. There you find links to the vendor's recommendations ... You know what that could mean? One vendor notes: "Applying the update causes the device / module to go through a single restart cycle."


Tuesday, October 3, 2017

Are Devices Using IEC 61850 Vulnerable?

Devices that implement IEC 61850 may be vulnerable - depending on the measures (not) implemented to protect your SYSTEM! There are many layers of security that can be built into the system to make it less vulnerable. IEC 61850 needs special security measures to hide the semantics of the information being exchanged in a system.

IEC 61850 has well-defined models for controlling switch gears: Logical Node CSWI.Pos for operating any kind of switchgear like circuit breakers, disconnectors or earthing switches. If a client (SCADA, RTU, Proxy, ...) has "open" access to an IED, it could use the self-description to figure out which CSWI instances are available ... and could try to use MMS Write to open or close a switch gear. In a bad system design, this may work.

A high level of security would not (easily) allow other clients (except those that are designed to operate) to operate a switch gear.
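The following is an added example, not part of the original post and not code from any vendor: a check over MMS audit records that reports writes to the control attributes of CSWI.Pos coming from clients that are not designated to operate, and notes whether that client browsed the self-description first. The log format, the client addresses, and the names `BAY1CTRL` and `Q0CSWI1` are constructed assumptions.

```python
import re

# Assumption: only these clients are designed to operate switchgear.
OPERATE_ALLOWLIST = {"10.0.10.5"}

# IEC 61850-8-1 maps control services to MMS Write on <LN>$CO$<DO>$Oper|SBOw|Cancel.
CSWI_CONTROL = re.compile(r"^(\w*CSWI\d+)\$CO\$Pos\$(Oper|SBOw|Cancel)(\$|$)")

# Constructed audit records in a hypothetical key=value format, not real traffic.
SAMPLE_LOG = """\
2017-10-03T10:00:01Z client=10.0.10.5 service=Write domain=BAY1CTRL item=Q0CSWI1$CO$Pos$Oper
2017-10-03T10:02:13Z client=10.0.20.77 service=GetNameList domain=BAY1CTRL item=-
2017-10-03T10:02:15Z client=10.0.20.77 service=Read domain=BAY1CTRL item=Q0CSWI1$ST$Pos$stVal
2017-10-03T10:02:19Z client=10.0.20.77 service=Write domain=BAY1CTRL item=Q0CSWI1$CO$Pos$Oper
2017-10-03T10:03:40Z client=10.0.10.9 service=Write domain=BAY1CTRL item=LLN0$BR$brcb01$RptEna
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = ts
    return rec

def unauthorized_cswi_operations(log_text, allowlist=OPERATE_ALLOWLIST):
    """Return control writes to CSWI.Pos from clients outside the allowlist."""
    enumerated = set()   # clients that used GetNameList (self-description)
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec["service"] == "GetNameList":
            enumerated.add(rec["client"])
            continue
        m = CSWI_CONTROL.match(rec["item"])
        if rec["service"] == "Write" and m and rec["client"] not in allowlist:
            findings.append({
                "ts": rec["ts"],
                "client": rec["client"],
                "object": f'{rec["domain"]}/{m.group(1)}.Pos',
                "service": m.group(2),
                "browsed_model_first": rec["client"] in enumerated,
            })
    return findings

if __name__ == "__main__":
    for finding in unauthorized_cswi_operations(SAMPLE_LOG):
        print(finding)
```

The same allowlist is better enforced in the IED or a gateway before the write is accepted; run over logs, it only tells you afterwards that the rule was missing.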

Security measures have to be implemented to prevent misuse of the self-description. Even without the self-description, it may be possible that somebody gets access to the SCL file of the system to "read" the models from an XML file. As a consequence: XML files need to be secured as well ...!

You will find solutions for many of the known security problems in the standard series IEC 62351!

The definitions have to be implemented - the paper standards do not protect your systems!

A very new, comprehensive and up-to-date report on security has been published the other day:

THREAT INTELLIGENCE REPORT
CYBERATTACKS AGAINST UKRAINIAN ICS

Click HERE for the report [pdf, 20 pages].

By the way, the report mentions IEC 60870-5-101/104, IEC 61850 and OPC UA.
Worth reading.

Sunday, December 8, 2013

Vulnerabilities in RuggedCom ROS-based Devices

RuggedCom switches and serial-to-Ethernet devices are used to connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets.
Potential vulnerabilities in the web server’s authentication of the affected products might allow attackers to gain administrative access to the web interface over the network without authentication or unprivileged users to perform privilege escalation.

AFFECTED PRODUCTS
- RuggedCom devices with ROS version < ROS v3.12.2

RuggedCom and Siemens recommend upgrading to the current firmware version ROS v.3.12.2 which fixes the potential vulnerabilities.

Click HERE for more details.

Saturday, August 31, 2013

Vulnerability in multiple Triangle MicroWorks’ products

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported on August 28, 2013 the following vulnerability:

Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has tested the update to validate that it resolves the vulnerability.

This vulnerability could be exploited remotely.

The following Triangle MicroWorks products are affected:

  • SCADA Data Gateway, v2.50.0309 through v3.00.0616
  • DNP3 .NET Protocol components, v3.06.0.171 through v3.15.0.369
  • DNP3 ANSI C source code libraries, v3.06.0000 through v3.15.0000

Click HERE to access the complete report.

Wednesday, May 22, 2013

How Secure is the Information Technology for Electric Grids?

Are you surprised that there are many Security Gaps? Guess just a few experts are surprised that there are crucial Gaps! Why? Security is not a business case for utilities. Security measures are – in the eyes of many responsible people – just producing costs without helping to increase the shareholder value … as long as no serious attack happens.

A new US congressional survey has brought a lot of serious details and facts to light:

Electric Grid Vulnerability – Industry Responses Reveal Security Gaps

Click HERE for the complete Report published yesterday (May 22, 2013) [pdf]

I hope that the “EnergieWende” will not lose its “W” and end in an “EnergieEnde”. We are about to risk losing the “W” … Or?

Friday, August 31, 2012

Vulnerability in the RuggedCom Rugged Operating System (ROS) – Bulletin from RuggedCom

RuggedCom has posted today (2012-08-31) some important information about the RuggedCom Private Key Vulnerabilities for HTTPS/SSL and SSH.

On that page you find crucial information about affected products, descriptions of the Vulnerabilities, fixes, and recommendations.

As these vulnerabilities show, there is a need for increasing awareness of security issues – and a need for more resources: to develop, implement and apply security measures – and education.

When did you talk last time with your management about making your system or IED more secure? Maybe it’s time to talk to them again … and again … and again.

Do you know the most secure protocol? No? It is the protocol that never was developed, implemented, or in use. ;-)

I am kidding. Sure. The Internet was originally invented for “wide-open” communications. That was a long time ago. Today it could be assumed that many new application domains will use the “Internet Technology” to build the x-Webs (Energy-Web, Power-Web, Smart Grid Web, …).

Be serious on security! Please!

Access the RuggedCom Security Updates.

Tuesday, August 21, 2012

Security Issue with RuggedCom Network Devices

The operating system (ROS) used in RuggedCom network devices has (according to the ICS-CERT Operations Center) a problem with a private key which may be used by an attacker.

A report states that “the vulnerability can be used to decrypt SSL traffic between an end user and a RuggedCom network device.”

Access the complete Report from ICS-Cert.

The other day I said:

It is HIGHLY recommended to ALL stakeholders in the energy
industry to keep a close eye on the security issues!!

I hope that more responsible managers will understand that implementing the needed measures is crucial to meeting their mission (not looking to comply with a standard or other specification) – this costs money … but it is a prerequisite for running your business in the future!

Don’t expect that nothing will happen!

Experts, responsible for Substation Automation Systems that use ROS based network devices, should keep an eye on the issue!