Many control system vulnerabilities are not “new”; they are often just rediscovered

July 30, 2019
New control system vulnerabilities often are not “new”, just rediscovered and not adequately disclosed or addressed. Examples are the VxWorks operating system vulnerabilities and the ABB MicroSCADA vulnerabilities.

Wind River's VxWorks is arguably the most popular real-time operating system used in embedded and control systems. On July 30, 2019, Armis announced that it had discovered 11 zero-day vulnerabilities (collectively named “URGENT/11”) that affect the VxWorks operating system, six of which are rated critical.

In the 2011 time frame, I wanted to prove how different control systems were from IT. As a result, I worked with a utility to have an IT security consultancy, in this case Mocana, try to hack a substation Remote Terminal Unit (RTU) running VxWorks. I was sure Mocana would throw up their hands in despair, as they had never heard of VxWorks. It took Mocana about 2 weeks to complete the assignment. The goals of the project were to determine actions that could lead to damage or financial loss to the utility. Mocana’s scope was to use black-box penetration testing to perform:

- Embedded Device Testing,
- Device Communication,
- Identify Debugging Functionality,
- Uncover Administrative Privileges, and
- Protocol Assessment.

Three high-severity issues were identified:

- Could find and alter any memory record remotely or over the network
- Could extract admin credentials without permission
- Could extract live admin session tokens (such as web cookies)

I had the utility and Mocana present this case history at my 2011 ICS Cyber Security Conference.

Wind River recognized the vulnerabilities and provided a new processor board with firmware fixes. However, the RTU model had an installed base in the tens of thousands. Consequently, it is not clear how many systems actually installed the new processor board with the firmware fixes. It is also not clear how the 2011 vulnerabilities correspond to those identified by Armis.

As we were using the utility as a control system cyber security testbed, another vulnerable system identified there was the ABB MicroSCADA. Apparently, its cyber vulnerabilities were not corrected, since the ABB MicroSCADA was compromised in the 2016 Ukrainian cyber attack.

New control system vulnerabilities often are not “new”, just rediscovered and not adequately disclosed or addressed.

Joe Weiss
