Critical Remote Code-Execution Bugs Threaten Global Power Plants

I’d like the lights to stay on over the holidays so let’s hope the power companies mitigate this quickly…:

Siemens industrial equipment commonly found in fossil-fuel and large-scale renewable power plants are riddled with multiple security vulnerabilities, the most severe of which are critical bugs allowing remote code-execution.

The affected product is SPPA-T3000, a distributed control system used for orchestrating and supervising electrical generation at major power plants in the U.S., Germany, Russia and other countries. It is plagued with 17 different bugs, uncovered by researchers at Positive Technologies.

“By exploiting some of these vulnerabilities, an attacker could run arbitrary code on an application server, thereby taking control of operations and disrupting them,” Vladimir Nazarov, head of ICS security at Positive Technologies, said in a media advisory issued on Thursday. “This could potentially stop electrical generation and cause malfunctions at power plants where vulnerable systems are installed.”

The vulnerabilities were discovered in two specific components of the platform: The application server (seven bugs) and the migration server (10 found).

The most severe of the issues can enable RCE on the application server. For instance, CVE-2019-18283, a critical deserialization of untrusted data bug, would allow an attacker to “gain remote code-execution by sending specifically crafted objects to one of its functions,” according to Siemens’ advisory.


Original article here