Rare SCADA bug poses power plant risk
Security watchers warn of a rare vulnerability involving software used to control industrial systems. A denial of service vulnerability in monitoring software from Invensys poses a severe risk to the factories and utilities running its Wonderware subsidiary's InTouch SuiteLink application.
Windows versions of the package use a common software component, the SuiteLink Service, to allow components using a proprietary protocol to talk together over TCP/IP networks.
A security bug means hackers that are able to connect to the SuiteLink service TCP port can shut it down by sending a malformed packet, according to Core Security, the security tools firm that discovered the vulnerability. It's unclear whether or not the bug creates a means for hackers to inject hostile code onto vulnerable systems.
Even the possibility that hackers could shut down SCADA (Supervisory Control And Data Acquisition) systems remotely, and without needing to get past password checks, is bad enough in itself. According to Wonderware's website, one third of the world’s industrial plants run its software.
The US Department of Homeland Security rated the vulnerability as a high risk bug, in a security alert issued on Tuesday. The SANS Institute's Internet Storm Centre advises admins to patch vulnerable systems as soon as possible.
Vulnerabilities in consumer and business software are commonplace while bugs involving industrial control software are rare. Security firms, most notably Symantec, are trying to expand from their traditional markets into the sale of kit to protect SCADA systems, which are increasingly controlled over IP networks and therefore (at least in theory) more vulnerable to attack. ®
'Rare SCADA' bug
The one with GEF on the back
My own employer simply changes the terms of warranty for network-connected boxes to exclude unknown/internet attacks. Let the owner beware.
What should also be noted is that this is only for the HMI - the actual control and monitoring tends to be done in a different box running an appropriate OS (OK I've only ever used Wonderware to monitor Triconex ESD systems). The result of crashing the Wonderware instance is similar to turning the monitor off on your PC - irritating but hardly critical.
When exploits start appearing for the DCS or ESD logic solvers, then I'll panic.
@TMS9900 - You MUST be joking?
Bollocks on the Bollocks.
I'm sorry to flame, but I've encountered a number of SCADA systems connected to intranets and (stating the obvious) said intranets were connected to the internet. Yes, the regulatory (control networks) are generally segregated, but the supervisory (SCADA) is on the corporate intranet all the time. I'll grant you that traditionally, we as automation professionals (especially back in the DCS world of 10 years ago) generally discouraged customers from having interconnected networks. However, times have changed and I would be surprised if more than 20% of new installations (and that 20% would just about all be small stand-alone facilities) are built based on a closed network. The genie has been out of the bottle a while here and the OEMs have been playing (much-needed) catchup to adjust to the changes in the way automation solutions are implemented. Large corporations want (and need) access to the data provided via their SCADA systems for real-time applications such as MES/ERP, dash-boards, etc.
Thankfully, most of the integrated networks of any size are implemented with network segregation via routers, layer 3 switches, etc., - that should generally prevent DOS attacks from an outside source (assuming your network equipment hasn't been penetrated).
The key is to use some intelligence in implementing your network solution. Well, that and screaming at the OEMs to actually hire protocol & security experts for their software development. Now that the networks are integrated, the OEMs have to fight the same IT battles as anyone else. Similarly, automation professionals have to be even more dilligent to make sure that the code in their DCS/PLC/PAC is capable of running independently/safetly if the SCADA fails.
P.S. - PLCs/PACs/DCSs have Ethernet ports (and associated vulnerabilities too).
P.P.S. - To the MS haters - Oddly enough, SCADA workstations running on MS Windows rarely crash as long as they are only running OS + SCADA software. The issues normally only arise when the operator loads other crap on the machine and tries to run it simultaneously... Less MS's issue - more 3rd party apps.
2 Cents Delivered. Flame away.