Over a dozen models of Siemens SCADA products have been found vulnerable to local privilege escalation attacks....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The impact of the vulnerability varies depending on the operational environment, product implementation and other factors. Patches have been released for only some of the products. How do these vulnerabilities work? And what, if anything, can be done in lieu of patches?
Industrial control system (ICS) and supervisory control and data acquisition (SCADA) security has been getting a significant amount of attention because of the potential consequences from an attack on these systems. Some attacks, like Stuxnet, have a greater impact, but most malware found on ICS and SCADA systems don't appear to be from targeted attacks.
Siemens recently published a security advisory for a local privilege escalation vulnerability that affects at least 18 of its SCADA software systems and devices. This vulnerability could allow a user to gain elevated privileges that would allow them to operate and exploit the affected products if they have not been installed under the default path.
The vulnerable Siemens SCADA software doesn't properly check where it is loading DLL files from, which allows the local user to potentially execute a malicious DLL. Local privilege escalation attacks require the attacker to get a file on the target endpoint. The impact of the Siemens SCADA vulnerability depends on the operational environment and how the systems are secured.
Siemens released patches for most of the vulnerable pieces of software, as well as temporary fixes for some of the other products. It is working on providing fixes for the remaining products. Siemens could have implemented Microsoft's advice for the secure loading of libraries to prevent DLL preloading attacks.
There are additional security controls that can be implemented to prevent or detect this attack, like using a secured endpoint, preventing users without appropriate privileges from writing to the local file system executables, using whitelisting and logging every executable that runs on the system.
Also, the Industrial Control Systems Cyber Emergency Response Team has published a guidance report, "Targeted Cyber Intrusion Detection and Mitigation Strategies," which can be used to secure the Siemens SCADA systems.
Learn tips on how to migrate SCADA systems to accommodate the internet of things
Read about the development of an ICS security framework
Find out how enterprises can protect ICS and SCADA systems from the IRONGATE malware
Dig Deeper on Enterprise Vulnerability Managements
Related Q&A from Nick Lewis
USB Killer devices, with the ability to destroy systems via a USB input, are available and inexpensive. Expert Nick Lewis explains how they work and ...continue reading
Exaspy spyware, which can access messages, video chats and more, was found on Android devices owned by executives. Expert Nick Lewis explains how ...continue reading
The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.