One week after addressing a critical vulnerability in its industrial controller management software, Schneider Electric is in the midst of handling two more serious flaws in a number of its Magelis HMI products.
HMI is short for human machine interface, a graphical visualization of an industrial process that also includes a panel through which operators manipulate and manage processes.
An attacker exploiting either of the vulnerabilities could crash an industrial process, and in a critical industry such as water or energy, the impact on lives could be substantial. The flaws, nicknamed PanelShock, were privately disclosed in April to Schneider Electric by an ICS and SCADA security startup called Critifence. CTO Eran Goldstein said in an advisory published Tuesday that the Magelis GTO, GTU, STO, STU, and XBT panels are affected by the vulnerabilities (CVE-2016-8367 and CVE-2016-8374).
Schneider Electric has provided a number of temporary mitigations, but operators of the GTO Advanced Optimum panels and GTU Universal panel should not expect a patch until next March when product upgrades are scheduled to be available.
A request for comment from Schneider Electric was not returned in time for publication.
“By exploiting PanelShock vulnerabilities, a malicious attacker can ‘freeze’ the panel remotely and disconnect the HMI panel device from the SCADA network and prevent the panel from communicating with PLCs and other devices, which can cause the supervisor or operator to perform wrong actions, which may further damage the factory or plant operation,” Critifence said.
The vulnerabilities, Critifence said, are related to improper implementations of different HTTP request methods and a resource consumption management mechanism. Schneider Electric qualified that for an exploit to be successful, the Web Gate Server, which is off by default, must be enabled.
“The use cases identified demonstrate the ability to generate a freeze condition on the HMI, that can lead to a denial of service due to incomplete error management of HTTP requests in the Web Gate Server,” Schneider Electric said in its advisory. “While under attack via a malicious HTTP request, the HMI may be rendered unable to manage communications due to high resource consumption. This can lead to a loss of communications with devices such as Programmable Logic Controllers (PLCs), and require reboot of the HMI in order to recover.”
Schneider Electric recommends limiting exposure of the vulnerable HMIs to the Internet and disabling the Web Gate Server. Also, control system networks should be isolated from business networks and behind a firewall. If remote access is required, Schneider Electric recommends it be done through a VPN connection and that systems’ patching levels be current.
Last week, a critical flaw was disclosed in Schneider Electric Unity Pro software that allows for remote code execution. ICS security company Indegy found the flaw in the Unity Pro PLC Simulator, and Schneider Electric had patched it on Oct. 14. Any Unity Pro component exposed to the Internet was vulnerable, and attackers could take advantage of a lack of authentication to access the controller and exploit the issue.
See more at: Mitigations Available for PanelShock Vulnerabilities in Schneider Electric Magelis HMIs https://wp.me/p3AjUX-vFA