Power plants everywhere...
SPPA T-3000 protocol dissector for Wireshark
SPPA T-3000 password audit/bruteforce tool
Java RMI PoC dissector for Application server communications
Radu Motspan, Alexander Korotin, Eugenia Potseluevskaya, Sergey Andreev, Sergey Sidorov
• Make DIY assessment and talk to vendor, integrator and internal information security
• DCS is like any other industrial solution, but worst
• Require 62443-like relationships while selecting industrial solutions
• Update your versions, passwords and configurations
• Talk to your SOC and start monitoring, detection, response in Windows/Linux/PLC subnet
• There is more to DCS than to SPPA-T3000 in the talk
Siemens addresses a number of vulnerabilities in SPPA-T3000, Rel. 8.2 SP1 and addresses
all vulnerabilities detected by Kaspersky with Rel. 8.2 SP2.
• In ICS setups based on our default SPPA-T3000 security recommendations (available to all customers), the listed vulnerabilities are not exploitable from external networks.
• As a default procedure when the site acceptance test is finished (system handover),
Siemens recommends to all customers to change all user passwords.
• Siemens is forwarding information to the SPPA-T3000 customers to align their solution configuration with the recommendations described in the SPPA-T3000 Security Manual.
• Siemens is aware of the criticality of SPPA-T3000 for critical infrastructures.
• understand software quality improvements as an ongoing task
• utilize software vulnerability information to enhance the system security testing process
• continue to provide security patches for the mitigation of vulnerabilities in Siemens and 3rd- party products as part of an optional software maintenance agreement
• continuously review the SPPA-T3000 security architecture to minimize the attack surface of ICS solutions
• recommend deploying ICS components in physically protected areas and cabinets
• are aware of the additional operator responsibility regarding the ICS solution security throughout the commercial plant operation cycle and ready to support our customers with (security-related) system updates and appropriate services