Siemens industrial equipment commonly found in fossil-fuel and large-scale renewable power plants are riddled with multiple security vulnerabilities, the most severe of which are critical bugs allowing remote code-execution.
The affected product is SPPA-T3000, a distributed control system used for orchestrating and supervising electrical generation at major power plants in the U.S., Germany, Russia and other countries. It is plagued with 17 different bugs, uncovered by researchers at Positive Technologies.
“By exploiting some of these vulnerabilities, an attacker could run arbitrary code on an application server, thereby taking control of operations and disrupting them,” Vladimir Nazarov, head of ICS security at Positive Technologies, said in a media advisory issued on Thursday. “This could potentially stop electrical generation and cause malfunctions at power plants where vulnerable systems are installed.”