Siemens, Moxa Devices Exposed To DoS Attacks By Profinet Vulnerability – Experts Reaction

In response to reports that a serious vulnerability found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service attacks, cybersecurity experts offer perspective.

Experts Comments

February 17, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
This is an interesting vulnerability as it can be triggered accidentally by employee misconfiguration and go undetected. This is similar in nature to how we see a constant slew of cloud buckets which are misconfigured to expose private records to the public. It highlights the underlying issue and the importance of having a strong security culture throughout an organisation so that each employee is aware of their security responsibilities and the risks they face. Organisations should also.....Read More
This is an interesting vulnerability as it can be triggered accidentally by employee misconfiguration and go undetected. This is similar in nature to how we see a constant slew of cloud buckets which are misconfigured to expose private records to the public. It highlights the underlying issue and the importance of having a strong security culture throughout an organisation so that each employee is aware of their security responsibilities and the risks they face. Organisations should also invest in staff training to ensure they have the required skills. Alongside this, it is important to have assurance controls in place that regularly check the configurations of devices, applications, the network, and all systems to ensure they are configured correctly and operating as intended.  Read Less
February 17, 2020
James McQuiggan
Security Awareness Advocate
KnowBe4
Recently Profinet released a press release that Profinet International are improving the security of their protocol, so the timing of this vulnerability is key. This vulnerability also includes a Remote Code Execution capability, so this needs to be a priority to all organizations that use Profinet and to patch as soon as possible. This vulnerability will give anyone that is in the network to impact the devices without needing to authenticate and can be done remotely through the profinet.....Read More
Recently Profinet released a press release that Profinet International are improving the security of their protocol, so the timing of this vulnerability is key. This vulnerability also includes a Remote Code Execution capability, so this needs to be a priority to all organizations that use Profinet and to patch as soon as possible. This vulnerability will give anyone that is in the network to impact the devices without needing to authenticate and can be done remotely through the profinet protocol. Organizations can't simply block the Profinet protocol and will need increase monitoring and consider the communication strictly between the necessary devices to prevent an attack. If a criminal hacker gains access to the ICS network they could cause serious damage to the devices. It is important for organizations to have their ICS networks isolated, not necessarily air gapped but have encrypted communications and consider using a separate system, possible a jump host to gain access to the network from the corporate network, instead of allowing a many corporate to many ICS system connection.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.