CISA
Critical infrastructure
Industrial Cyber Attacks
Industries
Manufacturing
Mining, Oil & Gas
News
Utilities: Energy & Power, Water, Waste

Security defects found in ICS equipment from Aveva, xArrow, Siemens

August 20, 2021
security defects

The Cybersecurity and Infrastructure Security Agency (CISA) announced this week the presence of security defects in AVEVA Software’s SuiteLink Server equipment and xArrow SCADA hardware. Siemens also found a code execution vulnerability in its SINEMA Remote Connect Client equipment.

Heap-based buffer overflow, null pointer dereference, and improper handling of exceptional conditions were the security defects found in AVEVA’s SuiteLink Server, usually found in the critical infrastructure sectors, including chemical, critical manufacturing, energy, food, and agriculture, and water and wastewater systems, CISA said in its advisory

AVEVA reports that all current and previous versions of its System Platform 2020 R2 P01, InTouch 2020 R2 P01, Historian 2020 R2 P01, Communication Drivers Pack 2020 R2, Operations Integration Core 3.0, Batch Management 2020, MES 2014 R2, and all versions of Data Acquisition Servers contain the vulnerable version of the SuiteLink Server and are affected.

The British company said in its advisory that the security defects if exploited, will cause the SuiteLink Server to crash while parsing a malicious packet. Additionally, it may theoretically be possible to achieve Remote Code Execution, but no proof of concept exists. SuiteLink Clients are not affected by this vulnerability and do not need to be patched, it added.

AVEVA advised organizations to evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users with affected versions of these products should apply the corresponding security update.

Cross-site scripting and improper input validation security defects that when breached can result in remote code execution have been found in the xArrow SCADA equipment. 

CISA also revealed that security defects were identified in xArrow SCADA/HMI versions 7.2 and prior. Sharon Brizinov from Claroty, and Michael Heinzl reported these vulnerabilities to the security agency. 

xArrow has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products who would like to see more responsible security are invited to contact xArrow customer support. CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

Siemens reported on Thursday that the latest update for its SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances. Siemens has released a firmware update for SINEMA Remote Connect Client and proposes mitigations if an update is not possible.

SINEMA Remote Connect is a management platform for remote networks that enables the simple management of tunnel connections (VPN) between headquarters, service technicians, and installed machines or plants. It provides both the Remote Connect Server, which is the server application and the Remote Connect Client, which is an OpenVPN client for optimal connection to SINEMA Remote Connect Server.

Siemens identified specific workarounds and mitigations that customers can apply to reduce the risk, including not accessing links from untrusted sources and restricting access to hosts running SINEMA Remote Connect Client to trusted personnel.

The latest security weakness from Siemens adds to last week’s CISA list of security vulnerabilities that were found in the company’s equipment deployed across multiple critical infrastructure sectors.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation