| Developers: | Power meter Electrotechnical plants |
| Technology: | ASCAPC |
Main article: Automated System of Commercial Metering of Energy and Power (ASKUE)
2023: Identifying three vulnerabilities
Expert Positive Technologies Anton Boyarkin identified three vulnerabilities SYe805M manufactured by Energomer in the SUPD - devices for collecting data energy resources from metering devices and transferring systems received information to the upper level, as well ASCAPC as for controlling and monitoring the state of the automation facility. Such equipment is used at substations, in distribution boards of industrial enterprises, residential and office buildings. Positive Technologies announced this on December 28, 2023.
According to monitoring data, the most potentially vulnerable devices are in Russia (51%) and Azerbaijan (28%). They are also found in Belarus (2%), Germany (2%) and Kazakhstan (1%).
 | Hundreds of counters can be connected to one such device. Using a vulnerable DRC as a gateway, an attacker could not only gain access to them and disrupt the accounting system in this area, but also turn off the power supply, "said Anton Boyarkin, head of the security department of industrial control systems at Positive Technologies. - The device is used as part of the ASKUE systems by power grid companies and is presented here at the Standoff 365 training ground, where it collects data from smart meters (as in apartment buildings) with the ability to remotely control the load. |  |
The first vulnerability discovered refers to a critical level of danger, and the other two to a high level. The BDU:2023-04841 vulnerability, which received an almost maximum rating on the CVSS 3.0 scale (9.8), allowed changing hardware parameters. The second vulnerability - BDU:2023-04842 - made it possible to violate the integrity of the database or cause a denial of service (estimate 8.1), and the third - BDU:2023-04843 - allowed an attacker to modify a device parameter in such a way as to insert OS commands that will be executed when starting an automatic update of application software (estimate 8.8).
The manufacturer recommends updating the built-in ON device to version 4.13. In addition, Positive Technologies experts recommend, if possible, restricting or denying access to a network port designed to remotely configure DRC.
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |