Remote Terminal Unit (RTU) modules are a common solution in the energy sector, and designs of this kind are currently in use in all European countries, so serious security vulnerabilities in them deserve attention.
Bernhards Blumbergs and Arturs Danilevics, two researchers from Latvian security firm CERT.LV, found that vulnerabilities in the Telem-GW6 and Telem-GWM products manufactured by Martem, Estonia, can be exploited to cause denial of service and to execute arbitrary code and commands. The affected products are data concentrators, responsible for collecting data from peripheral equipment in substations.
Martem Company specializes in providing remote control systems for distribution network monitoring. Its customers include power distribution companies as well as industrial and transportation companies with their own power grids. Martem’s main customers come from Estonia, Lithuania, Latvia, and Finland. The company stated that its RTU was used at the beginning of 2018 for cyber defense exercises organized by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE).
- CVE-2018-10603 (CVSS score: 10 points) allows malicious nodes on the network to send unauthorized commands and control industrial processes. The vulnerability stems from the lack of the necessary authentication mechanisms for commands sent over IEC-104, the standard protocol for remote control, remote protection, and power system communications.
- CVE-2018-10607 is an uncontrolled resource consumption issue. According to ICS-CERT, an attacker can create one or more new connections to input/output attachments (referred to as IOAs) and close them in an abnormal manner, causing a DoS condition within the industrial process control channel.
- CVE-2018-10609 is a cross-site scripting (XSS) vulnerability that exploits the high privileges of the target user to execute arbitrary code in the client.
According to ICS-CERT, even low-skilled attackers can exploit these vulnerabilities remotely.
The vulnerabilities discovered by Blumbergs and Danilevics affect Telem-GW6 version 2018.04.18-linux_4-01-601cb47 and earlier, and Telem-GWM version 2018.04.18-linux_4-01-601cb47 and earlier. Martem stated that the XSS vulnerability will be fixed with the release of firmware version 2.0.73 (expected on May 23, 2018).
In addition, users can disable the Web server where it is not needed to prevent attacks, or protect it against unauthorized access with strong passwords.
The other two vulnerabilities can be mitigated through configuration changes, such as using a VPN, applying firewall packet filtering, and configuring the RTU so that only trusted systems can send commands.
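Because IEC-104 commands carry no authentication, a source allowlist is only useful if violations are noticed. The following added example (not code from Martem, CERT.LV or ICS-CERT) parses IEC 60870-5-104 APDUs from captured TCP payloads and reports control-direction commands from hosts outside the allowlist; the function names, the sample frames and the documentation-range addresses are constructed for illustration, and the traffic is assumed to be already captured from the standard IEC-104 port, TCP 2404.

```python
import ipaddress

# IEC 60870-5-104 type IDs sent in the control direction (master -> RTU).
PROCESS_COMMANDS = set(range(45, 52)) | set(range(58, 65))  # single/double/step/setpoint
SYSTEM_COMMANDS = {100, 101, 102, 103, 105, 107}            # interrogation, clock sync, reset

def iter_asdus(payload: bytes):
    """Yield (type_id, cause, common_addr) for every I-format APDU in a TCP payload."""
    pos = 0
    while pos + 6 <= len(payload):
        if payload[pos] != 0x68:           # not an APDU start byte: stop parsing
            return
        length = payload[pos + 1]          # octets following the length field
        end = pos + 2 + length
        if length < 4 or end > len(payload):
            return                         # malformed or truncated frame
        is_i_format = payload[pos + 2] & 0x01 == 0
        if is_i_format and length >= 10:   # 4 control octets + 6-octet ASDU header
            asdu = payload[pos + 6:end]
            yield asdu[0], asdu[2] & 0x3F, int.from_bytes(asdu[4:6], "little")
        pos = end

def untrusted_commands(packets, trusted_nets):
    """Return alerts for command ASDUs whose source is outside the allowlist."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    alerts = []
    for src, payload in packets:
        if any(ipaddress.ip_address(src) in n for n in nets):
            continue
        for type_id, cause, ca in iter_asdus(payload):
            if type_id in PROCESS_COMMANDS or type_id in SYSTEM_COMMANDS:
                kind = "process" if type_id in PROCESS_COMMANDS else "system"
                alerts.append((src, kind, type_id, cause, ca))
    return alerts

# Constructed sample traffic to TCP port 2404 (addresses from documentation ranges).
SAMPLE = [
    ("192.0.2.10", bytes.fromhex("680407000000")),                      # U-format STARTDT act
    ("192.0.2.10", bytes.fromhex("680e000000002d010600010001000001")),  # trusted master, C_SC_NA_1
    ("198.51.100.7", bytes.fromhex("680e000000002d010600010001000001"   # unknown host, C_SC_NA_1
                                   "680e0200000064010600010000000014")),  # + C_IC_NA_1, same segment
    ("198.51.100.7", bytes.fromhex("680e00000000")),                    # truncated frame
]

if __name__ == "__main__":
    for alert in untrusted_commands(SAMPLE, ["192.0.2.0/24"]):
        print("ALERT src=%s %s command type=%d cause=%d ca=%d" % alert)
```

An alert from this check means the packet filter or RTU allowlist let a command frame through from a host that should never reach the device, which is the condition the configuration mitigations are meant to rule out.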
Source: SecurityWeek