Today the DHS ICS-CERT published an advisory
for an IP forwarding vulnerability in older versions of the Siemens RUGGEDCOM
switches. ICS-CERT reports that Stephen Craven of the Tennessee Valley
Authority reported this vulnerability. Siemens reports that newer versions of
the operating system for those switches allows for disabling of the IP
forwarding function.
ICS-CERT reports that a moderately skilled attacker could
remotely exploit this vulnerability if more than one VLAN were configured on
the system.
It appears from the ICS-CERT advisory and the Siemens
Advisory that this IP forwarding is not actually a vulnerability, but
something designed into the system that could be a problem under some
circumstances. The wording of both documents implies that the IP forwarding
feature is a default feature on the newer systems. This would mean that using
multiple virtual local area networks to segment the control system access could
be bypassed by compromising an element of one of the VLANs if IP forwarding
were enabled on the system. Seems like something that should be disabled by
default and enabled only if needed.
BTW: Siemens does
not credit Craven for the discovery for the vulnerability; rather it simply
acknowledges “the Industrial Control Systems Cyber Emergency Response Team
(ICS-CERT) for their support and coordination efforts”.
Posts
No comments:
Post a Comment