Siemens recently issued an update that addresses a vulnerability found in one of their measuring devices that could potentially allow an attacker to bypass built-in authentication measures and take control of the machine. Discovered by researcher Maxim Rupp, CVE-2017-9944 affects the 7KT PAC1200 smart meter, a multichannel measuring device that allows users to monitor their energy consumption via easily installed sensors. The device then displays measurements for current, voltage, and power on either a web browser or an app that is available for both iOS and Android.
A successful exploit of the vulnerability in the product’s integrated web server gave an unauthenticated remote attacker administrative control over the device via the web interface.
The company advised users of 7KT PAC1200 devices to update their firmware to version 2.03, which fixes the vulnerability. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which also issued an advisory regarding the vulnerability, also provided the following recommendations to mitigate the effects of CVE-2017-9944 and other similar vulnerabilities:
Due to the nature of these kinds of attacks originating from the internet, organizations should minimize network exposure for all control system devices and ensure that they are not accessible from the internet.
Organizations should also place control system networks and remote devices behind firewalls and isolate them from the business network at large.
If and when remote access is required, the use of security measures such as Virtual Private Networks (VPNs) can minimize the chance of attackers intercepting or gaining control of parts of the infrastructure.
Implementing network segmentation, which partitions the system into distinct security zones and isolating critical parts of the system using a policy enforcement device. In cases where the device doesn’t require a constant internet connection, companies can look into implementing an air-gapped system to ensure that network-based attacks cannot occur.
Organizations should always ensure that they update their systems to the latest version. Patch management is—and will always be—an important component of system security. In this particular case, the most effective and straightforward way to address the vulnerability is by patching it.
Many attacks cannot be detected by normal methods. Organizations can look into monitoring solutions that can help them track and monitor even the stealthiest attacks.
Given the importance of ICS security, priority should be given to educating essential ICS personnel on security strategies for these systems.
Implementing a comprehensive cyber incident response plan with both reactive and proactive measures can ensure that organizations are not just capable of preventing attacks from occurring, they can also effectively respond to an ongoing attack.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).