
Siemens SPPA-T series (Siemens Power Plant Automations)

Product
Developers: Siemens AG
Branches: Power
Technology: APCS

The Siemens SPPA-T3000 solution is used to control and manage technological processes at large power generation facilities in the USA, Germany, Russia and other countries.

2019: Detection of 17 vulnerabilities

On December 13, 2019, Positive Technologies reported that it had helped Siemens eliminate dangerous vulnerabilities in an electric power production management system.

In total, Positive Technologies experts found 17 vulnerabilities in the SPPA-T3000 system.

"Exploitation of some of the vulnerabilities can allow an attacker to execute arbitrary code on the application server (one of the most important components of the SPPA-T3000 system), to gain control over the technological process and to disrupt it. This threatens to halt electricity production and cause emergency situations at the TPP or hydroelectric power station where a vulnerable system is installed," notes Vladimir Nazarov, head of the industrial control systems security department at Positive Technologies.

The vulnerabilities were found in two SPPA-T3000 components: the application server and the migration server.

Seven vulnerabilities were found in the code of the application server. Three of them allow arbitrary code execution on the system. In the first case this is possible because of an unprotected Remote Method Invocation (RMI) service, and exploitation requires no authentication. The second was found in the Java Management Extensions (JMX) service running on the application server. The third is a method intended for administration that is reachable through a remote procedure call (an RPC method) and requires no authentication, which also allows code execution on the system.

Three more application server vulnerabilities stem from missing authentication in some services, which makes it possible to stop some of the containers running on the system and cause a denial of service on the server. The last vulnerability allows arbitrary files to be uploaded without any authorization.

The other ten vulnerabilities were found in the MS-3000 migration server. Among them are two that allow remote reading and writing of arbitrary files. For example, an attacker can read the /etc/shadow file, which contains users' hashed passwords, and try to recover a password.

Multiple heap-based buffer overflow flaws were also found. Among other things, their exploitation can crash the migration server.

Users are advised to install the latest version of SPPA-T3000, in which the detected vulnerabilities are fixed.