Connect with us

Hi, what are you looking for?



More Industrial Products at Risk of KRACK Attacks

An increasing number of vendors have warned customers over the past weeks that their industrial networking products are vulnerable to the recently disclosed Wi-Fi attack method known as KRACK.

An increasing number of vendors have warned customers over the past weeks that their industrial networking products are vulnerable to the recently disclosed Wi-Fi attack method known as KRACK.

The KRACK (Key Reinstallation Attack) flaws affect the WPA and WPA2 protocols and they allow a hacker within range of the targeted device to launch a man-in-the-middle (MitM) attack and decrypt or inject data. A total of ten CVE identifiers have been assigned to these security bugs.

The vulnerabilities impact many products, including devices designed for use in industrial environments. The first industrial solutions providers to warn customers about the KRACK attack were Cisco, Rockwell Automation and Sierra Wireless.

Cisco said the flaws affect some industrial routers and access points, for which the company has released updates. Rockwell and Sierra Wireless have also identified impacted products and provided patches and mitigations.KRACK affects industrial products

Other industrial solutions providers have come forward in the past weeks to admit that their products are affected.

Siemens said the KRACK vulnerabilities affect some of its SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS products. The company is working on releasing updates that will address the security holes and, in the meantime, it has provided some mitigations.

Swiss-based ABB informed customers that TropOS broadband mesh routers and bridges running Mesh OS 8.5.2 or prior are also vulnerable to KRACK attacks. ABB has yet to release patches, but it did provide workarounds and mitigations.

German industrial automation firm Phoenix Contact also confirmed that three of the KRACK flaws affect some of its BL2, FL, ITC, RAD, TPC and VMT products. The company said the impact is limited for some of its products, and pointed out that in many cases the attacker would have to be inside the plant in order to conduct an attack.

Advertisement. Scroll to continue reading.

Phoenix is working on patching the vulnerabilities in affected products. The vendor has advised customers using devices running Windows to install the security updates provided by Microsoft.

Lantronix informed customers that several of its wireless connectivity solutions are impacted by KRACK, including PremierWave ethernet-to-WiFi gateways, WiPort wireless ethernet bridges, MatchPort programmable embedded device servers, xPico embedded IoT WiFi modules, SGX IoT device gateways, and WiBox wireless device servers.

The company has released a patch for PremierWave 2050. For the other products, fixes are expected to become available by the end of the year.

Some Johnson Controls products may also be vulnerable to KRACK attacks. The company’s product security and incident response team (PSIRT) is currently assessing the impact of these flaws.

Kaspersky Lab’s ICS-CERT team pointed out that while KRACK attacks can be launched against industrial control systems (ICS) — for example, some PLCs use Wi-Fi for remote management — the biggest risk is to network communication devices, smartphones and tablets used by engineers and operators for remote access to ICS.

“In most cases KRACK attacks present virtually no risk to those large industrial and critical infrastructure systems that do not use 802.11 technologies. Today, such systems constitute an absolute majority,” explained Ekaterina Rudina, senior system analyst in Kaspersky’s ICS-CERT team. “Even in cases where these technologies may be used, physical restrictions on access to the controlled zone (e.g., a specific manufacturing unit) would prevent an attack from being carried out.”

“The main risk zone still encompasses those industrial sectors the security of which is given a lower priority than that of critical infrastructure systems and where using wireless technologies to upgrade systems or meet industrial network maintenance needs has become necessary but where compliance with the ‘best practices’ supported by major vendors is not possible because the changes required are too complicated or too costly,” Rudina added.

Related: Thousands of Malware Variants Found on Industrial Systems

Related: One-Third of Industrial Networks Connected to Internet

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.