ICS Summary for Week of October 6, 2017

By Kimberly Matsumoto on October 6, 2017

Siemens Data Manager Found Vulnerable

ICS-CERT reported this week that security researcher Maxim Rupp found a vulnerability in Siemens’ 7KT PAC1200 data manager. This vulnerability allowed a remote attacker to bypass authentication and perform high-level administration functions on the exploited device. Siemens has released a firmware update to address this critical vulnerability.

The 7KT PAC1200 measuring device is part of Siemens’ SENTRON portfolio. It is designed to monitor power usage and is used worldwide in the energy sector. The device uses sensors to measure power and reports the information graphically or as values through a web browser or an application (iOS and Android).

Siemens 7KT PAC1200

The integrated web server, accessible through TCP port 80, contained a vulnerability that allowed a remote, unauthenticated attacker to bypass authentication using an alternate path or channel. If exploited, this allowed the attacker to perform administrative commands over the network. Through the web interface, the attacker could obtain power usage statistics or even alter settings in various areas, such as the sensors and the Modbus protocol.

The vulnerability was given a high CVSS score of 9.8 (out of 10). Users are strongly advised to update their firmware as soon as possible and to take defensive precautions on network access to the server. To do this, ICS-CERT recommends that users minimize network exposure for all control system devices and isolate these devices from the business network. If remote capabilities are required, users need to understand the risks involved with implementing a Virtual Private Network (VPN) or other such method.

Vulnerable Devices:

  • Siemens 7KT PAC1200 – Any version prior to V2.03
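
A triage pass over an asset inventory that applies the version threshold and network-exposure guidance above. This is an added example, not code from ICS-CERT or Siemens; the inventory columns, host names and sample rows are constructed. It assumes firmware strings of the form V<major>.<minor>, compared numerically.

```python
import csv
import io
import re

FIXED = (2, 3)  # V2.03: versions prior to this are listed as vulnerable above

# Constructed sample inventory (hypothetical hosts and column names).
INVENTORY = """host,model,firmware,tcp80_from_business_net
meter-a,7KT PAC1200,V2.02,yes
meter-b,7KT PAC1200,V2.03,yes
meter-c,7KT PAC1200,,no
meter-d,7KT PAC1200,v1.10,no
plc-1,OTHER-DEVICE,V1.00,yes
"""

def parse_version(text):
    """Return (major, minor) for strings like 'V2.03', or None if unparseable."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)", text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory_csv):
    """Map each 7KT PAC1200 host to a patch/exposure status."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip() != "7KT PAC1200":
            continue  # other device models are out of scope for this advisory
        version = parse_version(row["firmware"])
        exposed = row["tcp80_from_business_net"].strip().lower() == "yes"
        if version is None:
            # A missing or odd firmware string needs manual review, not a pass.
            status = "unknown-firmware"
        elif version < FIXED:
            status = "vulnerable-exposed" if exposed else "vulnerable"
        else:
            # Patched devices should still be isolated from the business network.
            status = "patched-exposed" if exposed else "patched"
        findings[row["host"]] = status
    return findings

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host}: {status}")
```
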

Patches and Updates:

Sources: ICSA-17-278-02 (ICS-CERT), Critical Flaw Found in Siemens Smart Meters (Security Week)

Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community, we need to know your concerns and questions about (for example) proper safeguards for technology you’re looking into or what sets of compliance and governance policies you would need to operate a particular business. The CSCC openly invites you to send in your inquiries. We’ll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity. Mail us at: uhwocscc@hawaii.edu