Industrial control systems/operational technology (ICS/OT) systems are part of our lives. Whether we're using water, electricity or gas at home, or manufacturing automobiles in factories, we rely on those systems. Protecting ICS/OT is not an easy task; however, there are certain things that can be done to make attackers' jobs harder.
Let's take a look at a specific Siemens vulnerability. Last year Siemens issued an update to a year-old product vulnerability warning for its SIMATIC S7-300 and S7-400 families of programmable logic controllers (PLCs)—industrial control systems used to remotely monitor and operate manufacturing equipment. The alert, originally issued in December of 2016, was updated last year to include another version of the S7-400 line. The Department of Homeland Security pushed out an alert through the Industrial Control Systems Computer Emergency Response Team (ICS-CERT).
The systems in both device families are vulnerable to remote attacks that could allow someone to obtain login credentials to the system or reset it into a "defect" mode, shutting down the controller—essentially executing a denial-of-service attack on whatever equipment it is attached to. It is pretty scary, right? However, based on my research, there are more than thousands of Siemens products that are connected to the Internet.
Some of those organizations have deployed honeypots, specifically Conpot, e.g. the University of Maryland. However, that doesn't change the fact that there are more than a thousand vulnerable Siemens PLCs connected to the Internet.
Disconnecting that equipment from the Internet is the right move. Then scheduling downtime and updating the firmware will remove the vulnerability completely.