Saturday, December 30, 2017

Publicly Disclosed ICS Vulnerabilities – Week of 12-23-17

This week we have two vendor notifications that were not covered by ICS-CERT. These were for products from Siemens and ABB.

Siemens Update

Siemens announced another update to their July advisory about vulnerabilities in their SIPROTEC 4 and SIPROTEC Compact devices. ICS-CERT updated their advisory for the previous Siemens update, but has not done so for this one. I suspect this is a holiday delay.

Siemens is providing updated version information and mitigation measures for their SIPROTEC 7UT686.

ABB Advisory

Joel Langill provided a link to an ABB security advisory linked to the TRITON/TRISIS/HATMAN malware. While the TTH attack did not involve any ABB products, the company notes that “conceptually a similar attack can be leveraged against any safety system with a sufficiently similar design concept”. The advisory then goes on to provide a link to a product specific advisory (registration required) for the ABB System 800xA High Integrity safety instrumented system.

Since I am not a registered user I do not have access to the advice provided by ABB but I suspect that it pretty much reiterates standard security protocols for the device. That is not a bad thing in view of some the lapses reported in both the Dragos and FireEye reports. In fact, it might be a good idea for all vendors of safety instrumented systems to review those two reports and provide a security update for their products that emphasizes the lessons learned in the Saudi attack.

No comments:

/* Use this with templates/template-twocol.html */