Siemens Update Addresses Critical Vulnerability Found in Measuring Device

Siemens recently issued an update that addresses a vulnerability found in one of its measuring devices that could potentially allow an attacker to bypass built-in authentication measures and take control of the machine. Discovered by researcher Maxim Rupp, CVE-2017-9944 affects the 7KT PAC1200 smart meter, a multichannel measuring device that allows users to monitor their energy consumption via easily installed sensors. The device then displays measurements for current, voltage, and power on either a web browser or an app that is available for both iOS and Android.

A successful exploit of the vulnerability in the product’s integrated web server gave an unauthenticated remote attacker administrative control over the device via the web interface.

The company advised users of 7KT PAC1200 devices to update their firmware to version 2.03, which fixes the vulnerability. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which also issued an advisory regarding the vulnerability, provided the following recommendations to mitigate the effects of CVE-2017-9944 and other similar vulnerabilities:

  • Because attacks of this kind originate from the internet, organizations should minimize network exposure for all control system devices and ensure that they are not accessible from the internet.
  • Organizations should also place control system networks and remote devices behind firewalls and isolate them from the business network at large.
  • If and when remote access is required, the use of security measures such as Virtual Private Networks (VPNs) can minimize the chance of attackers intercepting or gaining control of parts of the infrastructure.

Industrial devices are crucial to an organization’s operation, so securing them should be of utmost importance. While there are a number of ways smart meters and other similar devices can be compromised, there are also defensive strategies that can be implemented to protect industrial control systems.


Source: Trend Micro