Ilya Karpov of Russian security company Positive Technologies has disclosed nine vulnerabilities in Siemens industrial control system kit used in critical operations. Now patched, the holes include two in Schneider Electric kit that cover a mix of remote and local exploits. These can give attackers easy and valuable system access.
The vulnerability CVE-2015-2823 scored a severity rating of 6.8. It allows remote net pests to authenticate by presenting a password hash rather than the associated password, and it affects a variety of specialist SIMATIC WinCC products.
According to the US computer emergency response team (CERT), the vulnerabilities include a man-in-the-middle attack by an adversary positioned on the network path between Programmable Logic Controllers (PLCs) and their communication partners, and a denial of service by an attacker sitting between a Human Machine Interface (HMI) panel and a PLC.
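To make the "hash instead of password" flaw concrete, here is an added example that is not Siemens code and does not model the SIMATIC WinCC protocol. It contrasts a constructed login routine in which the stored hash is itself the credential (so anyone holding a leaked hash can log in) with the defender-side pattern in which the server derives a salted verifier from the password, so a stolen record cannot be replayed. The user names, passwords and KDF parameters are all constructed for illustration; the hardened variant assumes the password travels over an already-authenticated channel such as TLS.

```python
"""Added example (not Siemens code): why accepting a password hash as the
credential enables pass-the-hash style logins, and the defender-side fix.

Assumptions (constructed for illustration): a toy user store, a client that
talks to the server over an already-authenticated channel such as TLS, and
a verification routine the application controls. Nothing here models the
real SIMATIC WinCC protocol.
"""
import hashlib
import hmac
import os

KDF_ITERATIONS = 100_000  # constructed; tune for the deployment's hardware

# --- Vulnerable pattern: the stored hash *is* the credential --------------
# The client hashes the password and sends the hash; the server compares it
# with the stored hash. Anyone holding the stored value (from a leaked user
# database, a sniffed login, or a memory dump) can log in without ever
# learning the password.
VULN_USERS = {"operator": hashlib.sha1(b"s3cret").hexdigest()}  # constructed


def vuln_login(user: str, submitted_hash: str) -> bool:
    stored = VULN_USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, submitted_hash)


# --- Hardened pattern: the server derives the verifier from the password ---
# The client sends the password itself (protected by the transport), and the
# server runs a salted, slow KDF. The stored record is a verifier, not a
# credential: presenting the record to the server does not authenticate.
def make_record(password: str) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)
    return {"salt": salt, "digest": digest}


HARDENED_USERS = {"operator": make_record("s3cret")}  # constructed


def hardened_login(user: str, password: str) -> bool:
    rec = HARDENED_USERS.get(user)
    if rec is None:
        # Burn comparable time so unknown users are not distinguishable by timing.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, KDF_ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], KDF_ITERATIONS)
    return hmac.compare_digest(candidate, rec["digest"])


def demo() -> dict:
    """Return the outcome of each login attempt so the difference is explicit."""
    leaked_vuln = VULN_USERS["operator"]                       # what a database leak yields
    leaked_hardened = HARDENED_USERS["operator"]["digest"].hex()
    return {
        "vuln_with_password": vuln_login("operator", hashlib.sha1(b"s3cret").hexdigest()),
        "vuln_with_stolen_hash": vuln_login("operator", leaked_vuln),        # True: the hash suffices
        "hardened_with_password": hardened_login("operator", "s3cret"),
        "hardened_with_stolen_record": hardened_login("operator", leaked_hardened),  # False
        "hardened_wrong_password": hardened_login("operator", "wrong"),
        "hardened_unknown_user": hardened_login("nobody", "s3cret"),
    }


if __name__ == "__main__":
    for outcome, ok in demo().items():
        print(f"{outcome}: {ok}")
```

The point the example makes is that the fix is not a stronger hash on the wire but a change of roles: the stored value must be a verifier that only the server can check against a freshly supplied password, never something that is itself accepted as proof of identity.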
The agency warns that attackers with an intermediate skill level would be able to exploit the vulnerabilities and could direct “man-in-the-middle attacks, denial-of-service attacks and possibly authenticate themselves as valid users”.
Researchers at Positive Technologies are masters at hacking industrial control and SCADA systems. Last year they found flaws in WinCC kit, the software exploited by Stuxnet at Iran's Natanz nuclear plant and used in monitoring systems for the Large Hadron Collider, which allowed industrial systems to be compromised.