Critical vulnerability in Industrial Control Systems (ICS) firewall

CyberX Threat Intelligence uncovers a vulnerability that cyberattackers can exploit to impact safety and production in critical infrastructure sectors.

November 4, 2016
Manufacturing Group

Framingham, Massachusetts and Atlanta, Georgia – CyberX, the industrial cybersecurity company protecting ICS infrastructures worldwide, announced that its threat research team has uncovered a critical zero-day vulnerability in a commonly used industrial firewall, impacting sectors such as manufacturing, chemicals, transportation, and energy.

Nation-states, cybercriminals, hacktivists and other cyberattackers can exploit the Remote Code Execution (RCE) vulnerability to attack critical infrastructure sectors such as energy, chemicals, transportation and manufacturing.

By penetrating industrial networks to manipulate actuators, motors and valves controlling large-scale physical processes, cyberattackers can cause – or threaten to cause – major power outages, production stoppages, catastrophic safety failures, and environmental release of hazardous materials. The vulnerability clearly shows that relying on industrial firewalls alone is no longer sufficient to protect our industrial networks.

CyberX has also discovered a total of seven zero-day vulnerabilities in commercial Programmable Logic Controller (PLC) devices used to control core industrial components such as sensors and relays. The announcements were made today in a featured presentation at the annual ICS (Industrial Control Systems) Cyber Security Conference in Atlanta, GA.

CyberX enables organizations to detect and respond faster to cyberattacks and unauthorized activities in their ICS infrastructures. The company's industrial cybersecurity platform combines continuous network monitoring and non-invasive vulnerability assessments with advanced analytics and deep network forensics.

Proprietary threat intelligence produced by CyberX's research team – such as the discovery of unpublished ICS vulnerabilities – is also integrated into the platform to enrich its analytics and detection capabilities. To uncover the ICS vulnerabilities announced today, the team used a combination of graph analytics, machine learning and other advanced algorithmic techniques.

"Innovation is the key to defending against determined adversaries," said David Atch, CyberX's VP of Research. "We are pleased to collaborate with ICS vendors in a responsible disclosure process that enhances industrial cybersecurity for all organizations worldwide."

The critical zero-day discovered in the industrial firewall is a buffer overflow vulnerability in the firewall's embedded HTTP server. It allows cyberattackers to execute arbitrary code on the device, potentially allowing them to change firewall rules, eavesdrop on network traffic and inject their own malicious packets. Cyberattackers can also exploit weak authentication and/or known vulnerabilities in downstream PLCs to control them and cause cyber-physical damage.

About CyberX
Recognized by Gartner as a "Cool Vendor" and by the International Society of Automation (ISA) for "Excellence in Corporate Technical Innovation," CyberX is the industrial cybersecurity company protecting ICS infrastructures worldwide. We are the only industrial cybersecurity company chosen by the Israel Cyber Security Consortium for the 2020 Olympic Games in Japan.

A member of the Industrial Internet Consortium (IIC) and the ICS-ISAC, we regularly contribute zero-day vulnerability discoveries to both the US DHS and industrial vendors.

Source: CyberX