Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Risks to ICS Environments From Spectre and Meltdown Attacks

The recently disclosed Spectre and Meltdown vulnerabilities, which affect hardware running in the majority of the world’s computing devices have made headlines recently. The list of at risk equipment includes workstations, servers, phones, tablets, as well as Microsoft Windows, Linux, Android, Google ChromeOS, Apple macOS on most Intel chips manufactured after 2010.

The recently disclosed Spectre and Meltdown vulnerabilities, which affect hardware running in the majority of the world’s computing devices have made headlines recently. The list of at risk equipment includes workstations, servers, phones, tablets, as well as Microsoft Windows, Linux, Android, Google ChromeOS, Apple macOS on most Intel chips manufactured after 2010. Many AMD, ARM and other chipsets are also affected.

Spectre and Meltdown are different, but related. Spectre comprises two vulnerabilities: CVE-2017-5753 (bounds check bypass) and CVE-2017-5715 (branch target injection), while Meltdown consists of CVE-2017-5754 (rogue data cache load).

These vulnerabilities make systems susceptible to ‘side-channel’ attacks, which rely on physical hardware implementation, and do not directly attack the logic or code. These types of attacks generally include things such as tracing electromagnetic radiation (i.e. TEMPEST), monitoring power consumption, analyzing blinking lights, cache analysis, etc.

Which devices are at risk?

Whether or not a specific device is at risk depends on multiple factors, such as chipset, firmware level, etc. Needless to say, we can expect substantial research and patching in the near future.

Many HMIs, panels, and displays utilize the affected chips. Some PLC manufacturers are still assessing the threat

Many systems that support industrial controllers such as automation systems, batch control systems, production control servers, printers, OPC Systems, SCADA systems, peripheral devices, and IIoT devices including cameras, sensors, etc., are likely vulnerable. However, Spectre and Meltdown vulnerabilities in these systems does not necessarily mean industrial control devices are at risk.

What is the impact to industrial control devices and systems?

The Spectre and Meltdown vulnerabilities can be used to compromise a device, allowing an attacker to access privileged data in the system. The vulnerabilities do not grant access to the system, they only enable attackers to read data that should otherwise be restricted. In other words, an attacker still needs to break into the system to execute the attack.

While this is a serious threat in systems with multiple users, like a cloud solution for example, it doesn’t pose a high level of risk in single-user systems.

To use an analogy, these vulnerabilities essentially enable you to read people’s minds — as long as you’re in the same room with them. You could access data that’s meant to be private, such as secrets, confidential or sensitive information, and more.

If you’re in a room by yourself, you already have access to all the secrets of the people in that room – i.e. yourself. What’s the point of executing an attack on your own mind, if you already have access to it?

In a nutshell, that’s the idea behind Spectre and Meltdown. They’re effective in a multi-tenant environments where one user’s secrets must be kept private from other users.

Since ICS environments are not multi-tenant, these vulnerabilities do not enable access to any data not already available to anyone with system access. 

What can be done to mitigate the risk?

First and foremost, being aware of what exists in the ICS environment is critical, since undocumented devices can’t be secured. Therefore, automated asset inventory tools are essential to understanding what equipment is at risk and requires attention.

Next, having in-depth visibility into asset inventory is vital. Without this, you’re left with a list of industrial devices that must be manually examined to determine whether their specific hardware module is affected.

Automated ICS asset inventory tools are also valuable for identifying vulnerable devices and tracking patching efforts. 

Finally, in order to exploit these vulnerabilities, an attacker needs access to the network. This emphasizes the importance of having a network monitoring system, which can identify anyone connecting into the network, as well as communicating with or modifying key assets.

Related: Learn More at SecurityWeek’s ICS Cyber Security ConferrenceSingapore | USA 

Related: ICS Vendors Assessing Impact of Meltdown, Spectre Flaws

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

ICS/OT

Serious vulnerabilities found in Econolite EOS traffic controller software can be exploited to control traffic lights, but the flaws remain unpatched.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

ICS/OT

Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.

ICS/OT

A hacktivist group has made bold claims regarding an attack on an ICS device, but industry professionals have questioned their claims.

ICS/OT

Vulnerabilities in industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to OT networks.