ICS-CERT warns of SCADA vendor compromise
The American ICS-CERT published an advisory yesterday warning of key ICS hardware that could be compromised by attacks using the Meltdown/Spectre vulnerabilities.
In a list, eleven vendors so far have announced its products are vulnerable to compromise via the methods disclosed by Google researchers earlier this month. They include such industry big-hitters as Schneider Electric, Phillips, Siemens, Rockwell Automation, ABB, General Electric and more.
By way of advice, the ICS-CERT simply point out: “ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.” This, however valid, could be construed as trite and offers worryingly little in terms of practical help to resolve what has the potential to become a very serious issue for owner/operators across the world.
Leading SCADA software provider, Wonderware – now owned by Schneider Electric – warned its customers in a post on its site that the Microsoft Meltdown/Spectre patch leaves users unable to access key parts of their networks: “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC.”
Separately, Schneider cautioned customers that many of the patches released “indicated a high level of potential performance impact” and urged information security teams to perform stringent impact analysis testing before installing any updates.
Although the disclosure is only available to registered clients, Rockwell Automation have also found the Microsoft patches to cause issues with RSLinx Classic, FactoryTalk View SE and Studio 5000.
Siemens avoided giving its customers any clarity, but said it was testing compatibility for “several products”:
“Siemens is aware that some updates can result in compatibility, performance or stability issues on certain products and operating systems. Operating system vendors, such as Microsoft, are still working to address these compatibility issues with their updates. Siemens will therefore continue to evaluate the applicability of those updates”.
Whilst there’s been a lot of talk about how the released patches will affect consumers – with slowdowns expected of up to a third – there has been scant testing to show how the patches may impact larger infrastructure networks. Fragile architectures, like those found in a typical ICS/SCADA environment, are unlikely to be resilient enough to withstand a hit in processing power of that degree.