In response to reports that a serious vulnerability found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service attacks, cybersecurity experts offer perspective.

This is an interesting vulnerability as it can be triggered accidentally by employee misconfiguration and go undetected. This is similar in nature to how we see a constant slew of cloud buckets which are misconfigured to expose private records to the public.
It highlights the underlying issue and the importance of having a strong security culture throughout an organisation so that each employee is aware of their security responsibilities and the risks they face. Organisations should also invest in staff training to ensure they have the required skills.
Alongside this, it is important to have assurance controls in place that regularly check the configurations of devices, applications, the network, and all systems to ensure they are configured correctly and operating as intended.
Recently Profinet released a press release stating that Profinet International are improving the security of their protocol, so the timing of this vulnerability is key. This vulnerability also includes a Remote Code Execution capability, so this needs to be a priority for all organizations that use Profinet, and they need to patch as soon as possible. This vulnerability will give anyone that is in the network the ability to impact the devices without needing to authenticate, and this can be done remotely through the Profinet protocol.
Organizations can't simply block the Profinet protocol and will need to increase monitoring and consider the communication strictly between the necessary devices to prevent an attack. If a criminal hacker gains access to the ICS network, they could cause serious damage to the devices. It is important for organizations to have their ICS networks isolated, not necessarily air gapped, but to have encrypted communications and consider using a separate system, possibly a jump host, to gain access to the network from the corporate network, instead of allowing a many-corporate-to-many-ICS system connection.