In a traditional work site setup, compromising a single device is all it takes for a hacker to create a cascading series of disruptions across the ICS network. A new vulnerability allowing such an attack was discovered just this last week by TXOne Networks’ very own Ta-Lun Yen in Siemens’ SIMATIC HMI panels. These devices are used to monitor and control machines and work sites, and this high-severity vulnerability allows an intruder to create a starting point on the network for launching further attacks.
Siemens has stated that all versions of both SIMATIC HMI Comfort Panels and SIMATIC HMI KTP Mobile Panels can be compromised by targeting this vulnerability, and should be updated to the latest version immediately to reduce risk. While Telnet is not enabled by default on these devices, Siemens has shared that making sure it stays disabled is another way to secure these systems from malicious interference. Without a patch, intruders could use exploits on affected assets to create a point of entry allowing access to other systems, as well as cause disruption by “bricking” the device.
One of TXOne Networks’ core technologies, network segmentation, sets the network into different zones that are easily monitored and protected from threats. In a code red situation, the security team’s streamlined threat response and a threat’s inability to move between zones allow for agile threat response that insures the operation keeps running. Learn more about network segmentation here, and you can check the threat advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) here.
