Tenable, the Cyber Exposure company, recently discovered a critical remote code execution vulnerability in two Schneider Electric applications heavily used in manufacturing, oil and gas, water, automation, wind and solar power facilities in the U.S. If exploited, the vulnerability could give cybercriminals complete control of the underlying system. Attackers would also be able to use the compromised system to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. In a worst case scenario, attackers could use the vulnerability to disrupt or even cripple plant operations.
As underscored by the joint warning, OT systems have become high-value targets for cybercriminals around the world, which presents major challenges to human safety as well as ongoing productivity, uptime and efficiency. At the same time, the deployment of cybersecurity measures lag behind the digitisation of our critical infrastructure, resulting in an acute inability to accurately understand and represent cybersecurity risk at any given time — creating a massive Cyber Exposure gap.
The vulnerability discovered by Tenable Research impacts InduSoft Web Studio, an automation tool used to develop HMIs, supervisory control and data acquisition (SCADA) systems and embedded instrumentation solutions that connect OT with the Internet or corporate intranets, and InTouch Machine Edition, a scalable HMI client. This software is commonly deployed across several heavy industries, including manufacturing, oil and gas and automotive. With the growing adoption of distributed and remote monitoring in industrial environments, OT and IT are converging. As OT becomes increasingly connected and boundaryless, these safety-critical systems are increasingly vulnerable to cyberattacks.
“Digital transformation has made its way to critical infrastructure, connecting once-isolated systems to the outside world,” said Dave Cole, chief product officer, Tenable. “This Schneider Electric vulnerability is particularly concerning because of the potential access it grants cybercriminals looking to do serious damage to systems that quite literally power our communities. Tenable Research is focused on assessing, analysing and reducing the industry’s overall Cyber Exposure across the modern computing environment — be it cloud, IT, IoT or OT. Solving this growing problem requires us to come together as an industry and we commend Schneider Electric at the speed they released a patch to remediate this critical issue.”
A remote attacker without credentials can leverage this vulnerability to execute arbitrary code on vulnerable systems, potentially leading to full compromise of the InduSoft Web Studio or InTouch Machine Edition server machine. A threat actor can use the compromised machine to laterally move within the victim’s network and execute further attacks.
Tenable Research worked with the vendor to responsibly disclose the vulnerability and Schneider Electric has released patches for both affected systems. Given the widespread prevalence and market share of the affected software in the OT space, urgent attention and response from affected users is required.
For more information on the vulnerability, read the Tenable Research Advisory blog post here — https://www.tenable.com/blog/tenable-research-advisory-critical-schneider-electric-indusoft-web-studio-and-intouch-machine
Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.
Cybersecurity Insights - Attack
No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?
Cybersecurity Insights - People
Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.