Monday, December 30, 2019

Turbines, Siemens, Vulnerabilities, Power

New release by the Kaspersky team, led by SCADA StrangeLove fellow Gleb Gritsai: "On the insecure nature of turbine control systems in power generation", as presented at Chaos Communication Congress (36C3).

Power plants everywhere...

Released tooling:

• SPPA-T3000 protocol dissector for Wireshark
• SPPA-T3000 password audit/bruteforce tool
• Java RMI PoC dissector for Application Server communications


Co-authors: Radu Motspan, Alexander Korotin, Eugenia Potseluevskaya, Sergey Andreev, Sergey Sidorov


Key takeaways from the talk:

• Make a DIY assessment and talk to the vendor, the integrator and internal information security
• DCS is like any other industrial solution, only worse
• Require IEC 62443-like relationships with suppliers when selecting industrial solutions
• Update your versions, passwords and configurations
• Talk to your SOC and start monitoring, detection and response in the Windows, Linux and PLC subnets
• The talk covers more of DCS security than just SPPA-T3000

Vendor response

Siemens addresses a number of vulnerabilities in SPPA-T3000 Rel. 8.2 SP1 and addresses all vulnerabilities detected by Kaspersky with Rel. 8.2 SP2.
• In ICS setups based on our default SPPA-T3000 security recommendations (available to all customers), the listed vulnerabilities are not exploitable from external networks.
• As a default procedure when the site acceptance test is finished (system handover), Siemens recommends that all customers change all user passwords.
• Siemens is forwarding information to SPPA-T3000 customers to align their solution configuration with the recommendations described in the SPPA-T3000 Security Manual.
• Siemens is aware of the criticality of SPPA-T3000 for critical infrastructures. Therefore, we
  • understand software quality improvements as an ongoing task
  • utilize software vulnerability information to enhance the system security testing process
  • continue to provide security patches for the mitigation of vulnerabilities in Siemens and 3rd-party products as part of an optional software maintenance agreement
  • continuously review the SPPA-T3000 security architecture to minimize the attack surface of ICS solutions
  • recommend deploying ICS components in physically protected areas and cabinets
  • are aware of the additional operator responsibility regarding ICS solution security throughout the commercial plant operation cycle and are ready to support our customers with (security-related) system updates and appropriate services

