Siemens, Moxa Devices Exposed To DoS Attacks By Profinet Vulnerability – Experts Reaction

By   ISBuzz Team
Writer , Information Security Buzz | Feb 17, 2020 04:36 am PST

In response to reports that a serious vulnerability found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service attacks, cybersecurity experts offer perspective.

Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Javvad Malik
Javvad Malik , Security Awareness Advocate
February 17, 2020 12:41 pm

This is an interesting vulnerability as it can be triggered accidentally by employee misconfiguration and go undetected. This is similar in nature to how we see a constant slew of cloud buckets which are misconfigured to expose private records to the public.

It highlights the underlying issue and the importance of having a strong security culture throughout an organisation so that each employee is aware of their security responsibilities and the risks they face. Organisations should also invest in staff training to ensure they have the required skills.

Alongside this, it is important to have assurance controls in place that regularly check the configurations of devices, applications, the network, and all systems to ensure they are configured correctly and operating as intended.

Last edited 4 years ago by Javvad Malik
James McQuiggan
James McQuiggan , Security Awareness Advocate
February 17, 2020 12:40 pm

Recently Profinet released a press release that Profinet International are improving the security of their protocol, so the timing of this vulnerability is key. This vulnerability also includes a Remote Code Execution capability, so this needs to be a priority to all organizations that use Profinet and to patch as soon as possible. This vulnerability will give anyone that is in the network to impact the devices without needing to authenticate and can be done remotely through the profinet protocol.

Organizations can\’t simply block the Profinet protocol and will need increase monitoring and consider the communication strictly between the necessary devices to prevent an attack. If a criminal hacker gains access to the ICS network they could cause serious damage to the devices. It is important for organizations to have their ICS networks isolated, not necessarily air gapped but have encrypted communications and consider using a separate system, possible a jump host to gain access to the network from the corporate network, instead of allowing a many corporate to many ICS system connection.

Last edited 4 years ago by James McQuiggan

Recent Posts

2
0
Would love your thoughts, please comment.x
()
x