Multiple RCE Vulnerabilities Found In Siemens Power Generation Plants

Like anything else connected to the internet, power plants are vulnerable to cyber attacks. Recently, researchers found numerous vulnerabilities in Siemens equipment installed at power generation plants worldwide.

Vulnerabilities In Power Plants

Reportedly, researchers from Positive Technologies found numerous security vulnerabilities in Siemens equipment at power generation plants. The bugs existed in SPPA-T3000 components, leaving them exposed to cyber attacks.

Commenting about the vulnerabilities, Vladimir Nazarov, Head of ICS Security at Positive Technologies, said,

By exploiting some of these vulnerabilities, an attacker could run arbitrary code on an application server, which is one of the key components of the SPPA-T3000 distributed control system. Attackers can thereby take control of operations and disrupt them. This could stop electrical generation and cause malfunctions at power plants where vulnerable systems are installed.

According to their advisory, the vulnerabilities existed in the application server and migration server components. Seven of the vulnerabilities existed in the application server code: three could allow arbitrary code execution, three others could let an attacker cause a denial of service because of insufficient authentication, and the remaining one could allow arbitrary file uploads.

They also found 10 security flaws in the MS-3000 migration server, including seven heap overflow bugs and two flaws allowing remote arbitrary file read and write.

In all, these vulnerabilities include multiple critical security bugs with a CVSS score of 9.8. Nonetheless, Siemens has confirmed no active exploitation of any of them.

Patches Released

Upon finding the bugs, PT Security worked with Siemens to protect the vulnerable systems, which put power generation plants at risk globally.

In response, Siemens released patches for CVE-2019-18331, CVE-2019-18333, and CVE-2019-18334 in SPPA-T3000 Service Pack R8.2 SP1. For all other flaws, Siemens has shared workarounds and mitigation strategies in its advisory for users to apply.

Users of the affected equipment should therefore apply the patches as soon as possible.

Recently, researchers also found aircraft warning lights exposed to the internet, hence becoming vulnerable to cyber attacks.
