Vulnerabilities in software for automated systems fixed
Security vulnerabilities in automated systems may conjure up images of bursting dams, exploding oil refineries or a meltdown at a nuclear power plant, but in reality, thankfully, no such events have yet come to pass. Hopefully the vulnerabilities in NETxAutomation's OPC server will not be the ones to change that.
OPC (OLE for Process Control) is based on Microsoft's COM/DCOM model and is used for communication in SCADA (Supervisory Control and Data Acquisition) systems, which control and monitor plants in the industrial and electricity generation sectors.
Neutralbit has discovered a number of security vulnerabilities in a data interchange interface on the NETxEIB OPC server, with which it is possible to gain access to the server's memory. In the simplest case the server can be made to crash, so that no further communication between the systems is possible and data disappears into the void. The lack of error messages was also one of the reasons for the 2003 blackout in the USA, in which large parts of the Northeast were without electricity for five days.
In the worst case it should be possible to inject code onto a system and have it executed. NETxAutomation has released a patch for its server which should fix these vulnerabilities. The DeviceXPlorer OPC server from Japanese vendor Takebishi suffers from a similar vulnerability. A bug fix update is also available in this case.
In order to carry out a successful attack, the attacker needs access to the network over which the OPC servers exchange data. Depending on the user's infrastructure, this may be very easy or quite difficult. In 2006, services provider ISS reported how easy it was to hack into an electricity generating company's network. For this reason, some vendors of security solutions have added products for the automation sector to their portfolios; for example, SCADA firewalls are available to protect such systems. However, a major weak point in SCADA systems remains the lack of authentication between communication partners.
- Overview of the advisories from Neutralbit
- NETxAutomation NETxEIB OPC Server fails to properly validate OPC server handles, vulnerability note from US-CERT