ABB, a Switzerland-based company that produces software for control systems in the energy industry, has acknowledged that its PCM600 suffers from four vulnerabilities related to insecure password storage. The one who detected and reported them to the vendor was Ilya Karpov, an ICS security expert from Positive Technologies.
As noted in the ICS-CERT advisory, the ABB engineer software for industrial automation management (protective relay, IED) is deployed in electric power substations around the world. PCM600s up to and including version 2.6 suffer from the vulnerabilities found by Ilya Karpov. Exploiting these flaws allows a low-skilled attacker or malicious software access a local machine that has ABB\’s PCM600 installed, reconfigure a project or obtain critical information to leverage read and write access via OPC.
All four PCM600 vulnerabilities are related to sensitive data storage and processing:
- CVE-2016-4511 — Weak hashing algorithms for project password storage
- CVE-2016-4516 — Passwords are stored in plain text, if a user doesn’t readdress the dialog box for changing a project password via the configuration menu
- CVE-2016-4524 — OPC server passwords are stored in plain text
- CVE-2016-4527 — Insecure transfer and storage of sensitive data in the database
ABB has already issued a hot fix for version 2.6 and released version 2.7 that resolves all reported vulnerabilities. The company recommends that customers apply the update at earliest convenience.
Other measures include:
⎯ Restricting physical access to objects for unauthorized persons
⎯ Forbidding ICS direct Internet connection
⎯ Forbidding usage of online services (email, messengers) at user workstations
⎯ Connecting to other networks exclusively via firewalls with a limited amount of open ports
⎯ Antivirus scanning of all portable computers and storage devices prior to connection to control systems
You may find the details on maintaining PCM600 security in the vendor’s manual.
It is worth mentioning that the ABB control systems are popular in Russia. According the Positive Technologies ICS security research, ABB product specialists in Russia hold the third place in the segment of programmable logic controllers.