Flaws in Siemens SPPA-T3000 Control System Expose Power Plants to Hack
December 14, 2019

Experts discovered dozens of flaws in the Siemens SPPA-T3000 control system that could be exploited to attack fossil and renewable power plants.

Siemens informed customers that the SPPA-T3000 Application Server is affected by 19 vulnerabilities and the SPPA-T3000 MS3000 Migration Server is impacted by 35 security issues.

Some of the vulnerabilities have been rated as critical and could be exploited by attackers to trigger a denial-of-service (DoS) condition or to execute arbitrary code on the server.

Siemens pointed out that in order to exploit the vulnerabilities, an attacker requires access to the Application Highway or the Automation Highway.

“SPPA-T3000 Application Server and MS3000 Migration Server are affected by multiple vulnerabilities. Some of the vulnerabilities can allow an attacker to execute arbitrary code on the server,” reads the security advisory published by Siemens. “Exploitation of the vulnerabilities described in this advisory requires access to either Application- or Automation Highway. Both highways should not be exposed if the environment has been set up according to the recommended system configuration in the Siemens SPPA-T3000 security manual.”

Most of the vulnerabilities were reported by researchers at Kaspersky and Positive Technologies in October 2018 and December 2018; other issues were discovered by an expert from Turkish firm Biznet Bilişim.

“By exploiting some of these vulnerabilities, an attacker could run arbitrary code on an application server, which is one of the key components of the SPPA-T3000 distributed control system. Attackers can thereby take control of operations and disrupt them. This could stop electrical generation and cause malfunctions at power plants where vulnerable systems are installed,” said Vladimir Nazarov, Head of ICS Security at Positive Technologies.

While waiting for a fix from Siemens, customers should implement a series of mitigations:

  • Implement mitigations described in the SPPA-T3000 security manual
  • Restrict access to the Application Highway using the SPPA-T3000 Firewall
  • External components should be connected only to the SPPA-T3000 DMZ; no bridging of an external network to either the Application- or Automation highways is allowed
  • Perform regular updates of the SPPA-T3000 (e.g. Security Server if available)
  • Implement mitigations provided in the customer information letter distributed via the customer service portal
  • Please contact your local Siemens representative if you need help securing your SPPA-T3000 installation

Siemens said that it is not aware of any attacks in the wild that exploited these flaws.

This post Flaws in Siemens SPPA-T3000 Control System Expose Power Plants to Hack originally appeared on Security Affairs.