This week, at the SecurityWeek’s 2016 ICS Cyber Security Conference, researchers at industrial security firm CyberX disclosed several important vulnerabilities.
The experts demonstrated how hackers can target ICS systems and passing security measures in places.
Among the vulnerabilities disclosed by the experts, there is a flaw affecting a Schneider Electric industrial firewall that could be exploited by hackers for remote code execution.
The vulnerability affects products of the Schneider Electric’s ConneXium TCSEFEC family of industrial ethernet firewalls. This family of products is used in the industrial contexts for the protection of SCADA systems, automation systems, industrial networks and other systems.
The experts discovered that the web-based administration interface of the Schneider Electric’s ConneXium TCSEFEC firewalls is affected by a buffer overflow. The exploitation of the flaw could allow attackers to execute arbitrary code.
The researchers also reported the flaw to the US ICS-CERT that is to issue a security advisory.
A threat actor could exploit the flaw to change firewall rules, eavesdrop on traffic, inject malicious traffic, and disrupt communications.
The researchers highlighted that the flaw is exploitable also by attackers that haven’t specific technical skills.
“Exploitation of this security hole could also lead to manipulation of control systems, which, in a worst case scenario, could result in physical damage. Programmable logic controllers (PLCs) typically don’t have any type of authentication, allowing attackers to easily gain access and exploit known or zero-day flaws.” reported Eduard Kovacs from Security Week.
Unfortunately, it is quite easy for attackers to target Schneider industrial firewalls that are easy to find thanks to search engines such as Shodan or Censys.
According to CyberX, the vendor Schneider Electric has already developed a security update to address the vulnerability, but it has yet released it.
The researchers from CyberX also reported seven zero-day flaws in PLC systems from a major unnamed vendor that is already working on a security update to fix them.
(Security Affairs – SCADA, Schneider industrial firewall)