Developers: MPS Software
Last Release Date: 2023/03/06
Technology: SCADA, APCS
MasterSCADA is used by Russian developers for automation in a wide variety of industries and housing and communal services. The number of projects implemented based on this product exceeds 10,000. It competes with foreign developments.
2024
FSTEC warns of the possibility of an attack on the popular Russian SCADA
In early November, FSTEC sent out a warning about the discovery of a critical vulnerability, BDU:2024-08797[1], in MasterSCADA 3.X, a Russian product for industrial systems. The vulnerability allows a remote attacker to execute arbitrary code. Its CVSS score is 9.8 out of 10. The manufacturer has already fixed the defect, but for industrial systems, updating the software can be a rather long process.
The vulnerability stems from flaws in the mechanism that deserializes incoming data. Deserialization converts serialized data back into program objects, and that conversion can yield executable code, so an error in its implementation lets an attacker force the execution of foreign code. The issue was identified by researcher Ainur Akchurin from Positive Technologies.
"This vulnerability was found in the MasterSCADA 3.X system," Ainur Akchurin, an expert in the industrial control systems information security group at Positive Technologies, explained to TAdviser. "It has a critical level in CVSSv3: 9.8. This means that the vulnerability leads to a compromise of the host (in this case, the operator's workplace), and no credentials or the use of social engineering methods are needed to exploit it. Despite the fact that SCADA systems must be isolated from both the Internet and the local corporate network, industrial companies are regularly subjected to massive attacks. Accordingly, there is a great risk of being hacked by exploiting this vulnerability."
It should be noted that MasterSCADA is now being actively developed and deployed at Russian enterprises.
"MasterSCADA 4D is a product of a new generation of SCADA systems developed by MPS Software," Alexandra Isabekova, an expert in the Angara Security application systems department, explained to TAdviser readers. "This system has gained popularity among Russian companies and enterprises due to its accessibility, adaptation to Russian standards and security requirements. It is used in enterprises in power, housing and communal services, industry and even in transport infrastructure, as it has a modular and scalable architecture. At the same time, the popularity of MasterSCADA continues to grow, since it not only provides the necessary functionality, but is also included in the unified register of Russian programs."
However, the serialization and deserialization of software objects, which some modular systems rely on, can, when used incorrectly, let outsiders execute not the code the developer intended but code imposed by the attacker. For industrial systems, this can be quite dangerous.
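To illustrate the class of flaw described above, here is an added example (not MasterSCADA code and not from the original article) of a deserializer that resolves only allow-listed types and then validates the message shape. The message layout, the size limit and all names are assumptions made for the illustration, and Python's pickle stands in for whatever serialization format a product uses.

```python
import io
import pickle
from datetime import datetime

# The only types an incoming stream may name. Everything else is refused.
ALLOWED_GLOBALS = {("datetime", "datetime"): datetime}
MAX_MESSAGE_BYTES = 64 * 1024  # assumed upper bound for one message


class RejectedPayload(Exception):
    """Input is oversized, malformed, or names a type off the allow-list."""


class AllowListUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every class or function the stream asks to resolve.
        # The default implementation imports and returns whatever is named,
        # which is how attacker-chosen code ends up being executed.
        try:
            return ALLOWED_GLOBALS[(module, name)]
        except KeyError:
            raise RejectedPayload(f"type not allowed: {module}.{name}") from None


def load_update(raw: bytes) -> dict:
    """Deserialize one tag update (hypothetical message layout)."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise RejectedPayload("message too large")
    try:
        obj = AllowListUnpickler(io.BytesIO(raw)).load()
    except RejectedPayload:
        raise
    except Exception as exc:  # truncated or corrupt stream
        raise RejectedPayload(f"malformed stream: {exc}") from None
    # The allow-list limits types; the shape of the data is checked separately.
    if not isinstance(obj, dict) or set(obj) != {"tag", "value", "ts"}:
        raise RejectedPayload("unexpected message shape")
    if not (isinstance(obj["tag"], str) and isinstance(obj["value"], float)
            and isinstance(obj["ts"], datetime)):
        raise RejectedPayload("unexpected field types")
    return obj


# Constructed sample inputs.
GOOD = pickle.dumps({"tag": "Boiler1.Temp", "value": 74.5,
                     "ts": datetime(2024, 11, 5, 8, 0, 0)})
FOREIGN = pickle.dumps(print)  # stream that names builtins.print


def demo():
    """Return the accepted message and the verdict on the foreign stream."""
    accepted = load_update(GOOD)
    try:
        load_update(FOREIGN)
        verdict = "accepted"
    except RejectedPayload as exc:
        verdict = str(exc)
    return accepted, verdict


if __name__ == "__main__":
    print(demo())
```

Where the protocol can be changed, a data-only format with schema validation removes the type-resolution step altogether; the allow-list is the fallback when the object format has to stay.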
"Even with one implementation of this system (and there are more of them), the presence of a vulnerability in MasterSCADA would mean a very big risk," said Kirill Semion, General Director of the ANO "National Competence Center for Holding Information Management Systems" (NCC ISU). "Moreover, the company is at great risk when the vulnerability is contained not only in this, but also in any product related to PCS. The fact is that an accident on real industrial units is always a very difficult story. Moreover, there is no big difference, it occurs on one unit or on several. In any case, an accident can mean serious consequences for the enterprise."
It is believed that industrial networks should not connect directly to the Internet. However, not everyone follows this rule.
"Our SKIPA software tracks a fairly large number of publicly available interfaces of various SCADA systems, including domestic manufacturers," Sergey Gordeichik, CEO of CyberOK, told TAdviser, sharing his data. "Among them there are also MasterSCADA control interfaces. Some of the publicly available interfaces of SCADA systems are demo stands, but most are related to the management of real industrial facilities. Of course, we first of all recommend restricting network access from the Internet to the entire technological segment of the network and, in particular, to SCADA control interfaces, since the presence of such access is already a gross violation of basic information security rules. If remote access is still necessary, then it is better to organize it through a trusted VPN tunnel."
Approximately the same recommendations are given by FSTEC specialists in their warning. Their list of compensatory measures is as follows:
- Isolate the SCADA networks of the MasterSCADA 4D system into a separate subnet for industrial equipment by physical or logical access restriction;
- Restrict access to the industrial segment from external networks (Internet);
- Strictly control physical access to automated workstations (AWS) running MasterSCADA software.
It is also worth monitoring traffic within the technology segment to identify signs of exploitation of the vulnerability and abnormal system behavior, which may be associated with the launch of extraneous processes in the technology segment.
"In addition to restricting access to the industrial segment from the Internet and allocating MasterSCADA 4D to a separate subnet, controlling technological traffic through the SPAN port will be a good solution," added Alexey Korobchenko, head of the information security department of the Security Code company. "In addition, it is necessary to implement a system for monitoring connections or security events on this software, which would "understand" not only industrial protocols, but could also work with serialized objects."
Compatibility with Alt Workstation 10 and Alt Server 10
BASEALT confirmed the compatibility of the Alt Workstation 10 and Alt Server 10 operating systems with MasterSCADA 4D, the platform for building automation and control systems from MPS Software. BASEALT announced this on September 30, 2024.
Based on the test results, a compatibility certificate was signed confirming that the products work correctly on the x86_64 hardware platform.
"Cooperation with BASEALT opens new horizons for digitalization and automation of production processes, simplifies the transition to Russian software," said Andrei Podlesny, Executive Director of IPU Software. "Users will be able to use MasterSCADA 4D and Alt OS in their projects, while receiving all the advantages of our platform, including backup mechanisms, visualization and analytics of the resulting industrial data. We are confident that the use of MasterSCADA 4D and Alt OS will help in solving the most important production problems and contribute to the strategic development of the Russian industry."
FSTEC recommends getting rid of critical vulnerabilities in the Russian MasterSCADA 4D
In early September 2024, FSTEC sent a warning about fixing several dangerous vulnerabilities in the Russian MasterSCADA 4D APCS, which is developed and supported by MPS Soft. The developer of MasterSCADA 4D has released a new version of its product, in which it fixed a number of vulnerabilities discovered by Positive Technologies researchers and the ScadaX Security group back in 2023.
In particular, the FSTEC NOS contains information about the following fixed vulnerabilities in the product: BDU:2024-06547 (CVSS 7.5)[2], BDU:2024-05661 (CVSS 10)[3], BDU:2024-05662 (CVSS 9.8)[4], BDU:2024-05645 (CVSS 8.8)[5], BDU:2024-05663 (CVSS 8.8)[6], BDU:2024-05646 (CVSS 8.6) and BDU:2024-05660 (CVSS 5.3). No exploits for them have been recorded, which gives hope that these vulnerabilities are not being exploited "in the wild." To eliminate the vulnerabilities, users of the system are advised to upgrade to the latest version, MasterSCADA 4D 1.3.5.
The most critical vulnerability (BDU:2024-05661) is caused by improper limitation of a pathname to a restricted directory, which allows the attacker to read and write arbitrary files and execute arbitrary commands. No less dangerous is the BDU:2024-05662 vulnerability, which arose from flaws in the authorization procedure and allows the attacker to read and write arbitrary files. The other vulnerabilities are: weaknesses in the protection of service data (BDU:2024-06547), improper restriction of authentication attempts (BDU:2024-05645), transmission of sensitive information in clear text (BDU:2024-05663), improper limitation of a pathname to a directory with sensitive data (BDU:2024-05646) and errors in processing input data (BDU:2024-05660).
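The path restriction weakness named above comes down to how a server maps a client-supplied name onto a directory it is supposed to stay inside. The following added example (not MasterSCADA code; the directory layout, file names and function names are constructed for the illustration) puts a weak string-prefix check beside a containment check on resolved paths.

```python
import os
import shutil
import tempfile
from pathlib import Path


class PathRejected(Exception):
    """The requested name resolves outside the directory being served."""


def naive_is_inside(base_dir: str, requested: str) -> bool:
    # Weak check, shown for contrast: a string-prefix test on a normalized
    # path. It accepts sibling directories that merely share the prefix and
    # knows nothing about symlinks.
    full = os.path.normpath(os.path.join(base_dir, requested))
    return full.startswith(base_dir)


def resolve_inside(base_dir: str, requested: str) -> Path:
    """Return the real path of `requested`, or raise if it leaves base_dir."""
    if not requested or "\x00" in requested:
        raise PathRejected("empty name or NUL byte")
    base = Path(base_dir).resolve(strict=True)
    # Assumption: clients may send Windows-style separators; treat as "/".
    candidate = (base / requested.replace("\\", "/")).resolve()
    # resolve() collapses ".." and follows symlinks, so the comparison is on
    # real paths, component by component rather than character by character.
    if candidate != base and base not in candidate.parents:
        raise PathRejected(f"{requested!r} resolves outside the base directory")
    return candidate


def demo():
    """Classify sample requests against a constructed directory tree."""
    root = Path(tempfile.mkdtemp()).resolve()
    try:
        base, sibling = root / "projects", root / "projects-old"
        (base / "plant1").mkdir(parents=True)
        sibling.mkdir()
        (base / "plant1" / "main.cfg").write_text("ok")
        (sibling / "secret.cfg").write_text("not served")
        os.symlink(sibling, base / "link")  # symlink leading out of base

        requests = [
            "plant1/main.cfg",                # legitimate
            "../projects-old/secret.cfg",     # dot-dot traversal
            "..\\projects-old\\secret.cfg",   # same, Windows separators
            str(sibling / "secret.cfg"),      # absolute path
            "link/secret.cfg",                # escape through a symlink
        ]
        verdicts = []
        for name in requests:
            try:
                resolve_inside(str(base), name)
                verdicts.append("allowed")
            except PathRejected:
                verdicts.append("rejected")
        naive = naive_is_inside(str(base), "../projects-old/secret.cfg")
        return verdicts, naive
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```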
"Such vulnerabilities are always dangerous for any information systems," said Mikhail Sukhov, head of security analysis at Angara Security, in a conversation with TAdviser. "But if we are talking about APCS, and in this case even about a SCADA system, then the danger increases many times. For the most part, this is due to the fact that through such systems the technological process is controlled at large factories and enterprises and any change can lead to large consequences, including physical destruction. Of course, here we are talking about the internal model of the violator, that is, when the attacker has already got inside the network of the enterprise."
To exploit the listed vulnerabilities, the attacker must be able to interfere with or eavesdrop on the traffic sent to MasterSCADA over the network, in order to deceive the authorization procedure, overwrite the password or obtain information sensitive for authentication in the system. However, even the least dangerous vulnerability, BDU:2024-05660, whose CVSS score is only 5.3 out of 10, actually makes it possible to disable the APCS, which is fraught with significant losses for the industrial enterprise.
"In Russia, for significant CII facilities, there are requirements for restricting network access, controlling access and authorization, which are established by law No. 187-FZ "On the Security of the CII of the Russian Federation" and regulatory acts of the FSTEC of Russia," Vladislav Kormishkin, cybersecurity threat research analyst at R-Vision, reminded TAdviser. "These requirements include segmentation and isolation of the industrial segment from other systems, as well as the use of authentication and authorization tools, including multifactor authentication (MFA), for all critical systems. Companies that exploit vulnerable versions of the system and do not implement the requirements or recommendations established by law and regulations (depending on the category of the CII object) are subject to unauthorized access to critical systems and data."
However, industrial systems cannot simply be updated at will. It is often necessary to wait for maintenance windows in the production process, when the equipment stops for servicing and IT services are given time to update the software components included in the equipment. Understanding this, FSTEC experts recommend implementing compensatory measures until the updates are installed:
- Use firewalls to restrict remote access to the industrial segment;
- Segment networks to restrict access to the industrial segment from other subnets;
- Restrict access to the industrial segment from external networks (Internet);
- Use virtual private networks (VPN) to organize remote access.
"The developer of MasterSCADA has already given comprehensive recommendations: update the software to new versions, segment the network so that SCADA servers are not available from the Internet, from corporate and other segments of the enterprise network," Evgeny Orlov, head of information security of industrial systems at Positive Technologies, explained to TAdviser. "And to make sure that the network with SCADA servers is really isolated from other networks, the system of deep analysis of technological traffic will help. It provides the visibility of the process network and continuous monitoring, detecting any unauthorized access to SCADA servers and other APCS components both from outside and inside the protected perimeter. And manipulation of SCADA configuration files, such as attempts to replace, delete or copy them, is successfully detected by a SIEM with an industrial expertise package for popular automation systems, including MasterSCADA."
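The isolation measures listed in both FSTEC warnings can be checked against observed traffic. The following added example (not from the original article or any vendor tool) audits flow records for connections into the industrial subnet that do not come from the segment itself or from the VPN address pool; the addressing plan, the record format and the log lines are all constructed for the illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from any real installation).
INDUSTRIAL = ipaddress.ip_network("10.20.0.0/24")        # SCADA subnet
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.20.0.0/24"),                # inside the segment
    ipaddress.ip_network("10.99.0.0/28"),                # VPN gateway pool
]
INTERNAL_RANGES = [ipaddress.ip_network("10.0.0.0/8")]   # enterprise networks

# Constructed flow records: timestamp, source, destination, port, protocol.
FLOW_LOG = """\
2024-11-05T08:00:01Z 10.20.0.15 10.20.0.10 502 tcp
2024-11-05T08:00:07Z 10.99.0.4 10.20.0.10 502 tcp
2024-11-05T08:01:12Z 10.10.5.23 10.20.0.10 445 tcp
2024-11-05T08:02:40Z 203.0.113.7 10.20.0.10 8080 tcp
2024-11-05T08:03:00Z 10.10.5.23 10.10.5.1 53 udp
truncated record
"""


def audit_flows(log_text):
    """Return (findings, malformed_count) for flows that break isolation."""
    findings, malformed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ts, src, dst, port, proto = line.split()
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            # Count unparsable records instead of dropping them silently:
            # a gap in the data is itself worth investigating.
            malformed += 1
            continue
        if dst_ip not in INDUSTRIAL:
            continue  # only traffic entering the industrial segment matters
        if any(src_ip in net for net in ALLOWED_SOURCES):
            continue
        # Distinguish corporate-to-industrial flows from Internet-sourced ones.
        internal = any(src_ip in net for net in INTERNAL_RANGES)
        findings.append({
            "time": ts, "src": src, "dst": dst, "port": port, "proto": proto,
            "origin": "other-internal" if internal else "external",
        })
    return findings, malformed


if __name__ == "__main__":
    for finding in audit_flows(FLOW_LOG)[0]:
        print(finding)
```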
2023: MasterSCADA 4D 1.3
On March 6, 2023, MPS Software announced an updated release of the MasterSCADA 4D 1.3 automation and dispatching platform.
According to the company, many new functions have been implemented in MasterSCADA 4D 1.3 and significant changes have been made to the existing functionality. Most updates and improvements were implemented in response to feedback from product users, since it is user experience that determines the product development vectors.
Main improvements:
- Optimized performance of the development environment thanks to the ability to save the project in a PostgreSQL database and a redesigned caching mechanism.
- Floating window functionality has been added to the development environment: windows can now be arranged for comfortable work.
- In execution mode, the mechanism for transferring data between tasks has been changed and performance has been significantly optimized, and data encryption between tasks has been implemented.
- Implemented the ability to execute C# programs on Linux, including support for .NET.
- The TCP protocol for inter-node communication with encryption was implemented - the data transfer rate between nodes was increased to 800 thousand values per second, and the transmitted information was compressed to an average of 0.5 bytes per value.
- Updated Modbus TCP, Modbus over TCP, Modbus RTU protocol added. The protocol supports asynchronous polling of devices to optimize polling speed, supports group recording of several tags in one request, and also implements a window for importing and group editing tags.
Development environment:
- The first time you start, a conversion window is displayed to transfer the settings/projects/libraries from version 1.2.
- Support for storing projects in the PostgreSQL database has been implemented to increase the performance of the development environment.
- The compilation mechanism has been significantly redesigned: parallel compilation of nodes/tasks/windows, support for multithreaded compilation, caching of window compilation results, displaying errors in case of unsuccessful conversions.
- A mechanism for moving panels has been implemented - it is possible to create a window location for convenient work.
Runtime (execution) system:
- Implemented the ability to execute C# programs on Linux, including support for .NET.
- The mechanism of data transfer between nodes has been changed - the limit of 65,000 links between parameters of various tasks/protocols has been removed, and the ability to transfer complex types of data between nodes has been implemented.
- The TCP protocol for inter-node communication has been significantly redesigned - now it is possible to transfer complex types of data between nodes, direct read access to project parameters is supported, the data transfer rate is optimized, and compression and encryption are implemented.
- PLC libraries added: Wirenboard 7, ABAC K2.
Protocol drivers:
- Updated Modbus TCP, Modbus over TCP, Modbus RTU protocol added. The protocol supports asynchronous polling of devices to optimize polling speed, supports group recording of several tags in one request, and also implements a window for importing and group editing tags.
- The SNMP Multi protocol is implemented with the ability to add individual devices and group reading of SNMP channels.
- DB import from Siemens PLC via txt file is implemented.
- The "selection tree" control has been improved - text settings and the appearance of checkboxes for the tree have been added, and filtering has been implemented.
- The "trend" control has been significantly improved - the "Auto scaling" box has been added to the legend, the display and color settings of the vertical and horizontal scroll bars have been added, as well as the setting of the "Method of reflecting graphs" template svg or canvas.
- The Back/Forward methods for navigating the history of URLs/windows opened in this container have been added to the window containers.
2022
Astra Linux Special Edition Compatibility
Astra Group of Companies and the domestic software developer MPS Software announced the completion of a set of compatibility tests of the Astra Linux OS and the fully functional SCADA platform MasterSCADA 4D, designed for the development of automation and process dispatching systems. This was reported by the Astra Group of Companies on December 21, 2022. The tests showed that both the platform itself and the MasterSCADA 4D Client visualization client run correctly on Astra Linux OS, which is confirmed by certificate No. 8655/2022, issued as part of the Ready for Astra Linux technology cooperation program.
SCADA software systems are in demand in all industries where operator control over processes is needed in real time. They are used to build or operate systems for collecting, processing, displaying and archiving data about monitored or controlled objects. SCADA systems are used in APCS in various industries.
MasterSCADA 4D, listed in the register of the Ministry of Digital Development, is a vertically integrated SCADA solution with a multi-level client-server architecture for APCS and production process control, metering and dispatching systems. The product is positioned as a convenient tool for the rapid development of automation systems of any scale and complexity: from local projects to large geographically distributed complexes.
"The synergy of the MasterSCADA 4D platform and Astra Linux OS opens up great opportunities for the digitalization of industrial enterprises, housing and communal services, buildings and other industries. In the context of import substitution, the use of MasterSCADA 4D products and Astra Linux OS will reduce sanctions risks, increase the level of security, autonomy and profitability of infrastructure and industrial facilities," commented Andrey Podlesny, Deputy General Director for Commercial Affairs of MPS Soft.
"The period of globalization has ended, and it became clear that, in addition to the benefits left in the past from the separation of competencies, everyone received a whole range of problems: many highly demanded technologies have been developed abroad, and now it is necessary not only to create their own analogues as soon as possible, but also to ensure their correct work with non-import-dependent software and hardware. Confirmation of compatibility of MasterSCADA 4D software with Astra Linux OS gives many organizations the opportunity to switch to the Russian software stack and at the same time ensure the continuity of technological processes, as well as minimize sanctions risks," said Dmitry Tarakanov, head of the department for the development of technological cooperation of Astra Group of Companies.
InfoDiode Compatibility
On May 30, 2022, MPS Software and AMT GROUP announced the signing of an official statement on the compatibility of the InfoDiode unidirectional data transmission complex and the MasterSCADA software.
2021: MasterSCADA Product Ownership Change
On August 16, 2021, InSAT transferred to MPS Software the exclusive rights to the following products:
- MasterSCADA
- MasterSCADA 4D
Representatives of MPS Software shared information about this with TAdviser.
2020: MasterSCADA 4D compatibility with Red OS
Within the framework of the technological partnership, RED SOFT and InSAT conducted testing for the compatibility of their products. The developers confirmed the correctness of the MasterSCADA 4D software (manufactured by InSAT) on the RED OS operating system (manufactured by RED SOFT). The test results are reflected in a bilateral compatibility certificate, RED SOFT reported on August 18, 2020.
RED OS is a Russian Linux family operating system for servers and workstations, providing a universal environment for using application software. The product is certified by the FSTEC of Russia (No. 4060 of 12.01.2019), which confirms its compliance with information security requirements and allows its use in state information systems.
MasterSCADA 4D is the software package "Vertically integrated object-oriented SCADA/MES/SoftLogic system for the development of APCS, ASCAPC/ASTUE, ADMS, ASPS." MasterSCADA 4D is registered in the Unified Register of Russian Programs for Computers and Databases of the Ministry of Communications of Russia (No. 2201).
"Technological partnership with RED SOFT is aimed at expanding the possibilities of sharing import-substituting solutions for any technological facilities that are so necessary for the automation and dispatching market. During testing, we were convinced that our software products successfully complement each other and are confident that their joint use will allow our customers to implement even more interesting projects and ideas," said Andrei Podlesny, Development Director of InSAT.
2016: MasterSCADA is included in the Unified Register of Russian Computer Programs
The Russian SCADA system MasterSCADA from InSAT is included in the Unified Register of Russian Programs for Electronic Computers and Databases. In accordance with Order No. 538 of the Ministry of Digital Development, Communications and Mass Media of Russia dated 08.11.2016 (Appendix 2, item No. 17), it was assigned registry number 2201.
Once MasterSCADA is entered into the Unified Register, all barriers to its use by state organizations in control systems for any facilities, including the most technologically complex and important for the state, are removed. It also matters for private enterprises, since the "Made in Russia" brand is now one of the important indicators in making strategic decisions, and choosing a tool for work is a strategic technical decision. In addition, by choosing domestic software, these companies can apply for participation in government orders.
Adding MasterSCADA to the Unified Register of Russian Programs gives InSAT another advantage. State support makes it easier to master foreign markets. And with its new version of MasterSCADA 4D, the company plans to go abroad widely.
2015: MasterSCADA 3.7
On December 7, 2015, InSAT introduced MasterSCADA 3.7[7].
In this version of SCADA, it became possible to poll and transfer data according to the OPC UA standard. The standard differs from "classic" OPC in that it is not tied to the outdated and insecure Microsoft DCOM technology. OPC UA supports encryption and authentication, allows data transfer over networks with complex architectures (including the Internet), and has built-in backup support.
The capabilities of the version are enhanced by MS InduLink, the module for integration with 1C. The module makes it possible to integrate a PCS built on MasterSCADA into the 1C ERP system.
Failure detection in this release is based on the UDP protocol, which allows you to achieve almost invisible failover without losing archive data.
The message system has been redesigned. Now you can set your own settings for each message state of any category - color, background, blinking, icon. The "sound" channel now has more flexibility of settings and functionality.
In the release of the version, more than 50 different modifications were made in the MasterSCADA modules.
Users of versions 3.x can update their systems for free as part of the maintenance program.
2014: MasterSCADA 3.3
Master SCADA is an integrated system that allows both operator stations and lower level controllers to be programmed within one project. Therefore, version 3.3 pays a lot of attention to the development of technological programming tools. The ST language (IEC 61131-3 standard), which appeared in the previous Master SCADA release, is now provided with a developed programming process service. The new program editor provides syntactic text coloring, a convenient mechanism for navigating and displaying compilation errors. The system includes a powerful debugger that allows you to perform step-by-step debugging, set breakpoints, display status and change the values of variables.
This version of Master SCADA now allows real-time control of individual parts of the automation project depending on the current operating conditions of the system. This gives developers a powerful tool to increase the flexibility of the systems being developed. In addition, another convenience that makes it easy to modify finished projects has been added: the ability to replace OPC servers without rearranging their variables in the project.
The developers also paid a lot of attention to the development of technological information archiving tools. Thus, the Master SCADA archive server can now use not only MS SQL or Oracle, but also FireBird to store internal archives. As before, for any part of the project you can choose your own DBMS, the method and place of storing archives.
Version 3.3 of MasterSCADA brings a large number of improvements in all product subsystems: in graphics, additional tools for easy navigation of the project; in trends, the ability to perform any actions and commands from the context menu of pens, a new pen processing formula and automation of trend settings; in the report generator, the ability to test ready-made reports during development, new data processing features, new graphical primitives, support for new report save formats and, most importantly, the ability to define tables in reports as a whole rather than by compiling them from individual components.
Methodological support for users has become wider: the library has a section "Examples of scripts," which contains a rich palette of script templates, mainly for automating the development process and group processing of project elements, the process of mastering the most powerful capabilities of the report generator is facilitated - users are provided with a training project for study, which provides specific examples of implementation of the most common tasks.
Notes
- ↑ BDU:2024-08797
- ↑ BDU:2024-06547: Vulnerability of the MasterSCADA SCADA system (CVSS 7.5), BDU
- ↑ BDU:2024-05661: Vulnerability of the MasterSCADA 4D SCADA system (CVSS 10), BDU
- ↑ BDU:2024-05662: Vulnerability of the MasterSCADA 4D SCADA system (CVSS 9.8), BDU
- ↑ BDU:2024-05645: Vulnerability of the MasterSCADA 4D SCADA system (CVSS 8.8), BDU
- ↑ BDU:2024-05663: Vulnerability of the MasterSCADA 4D SCADA system (CVSS 8.8), BDU
- ↑ INSAT introduces a new version of the domestic SCADA system - MasterSCADA 3.7