Hello all. NIST has released the draft of revision 3 of SP 800-82, now titled Guide to Operational Technology (OT) Security. Revision 2, Guide to Industrial Control Systems (ICS) Security, has been a staple for many in the OT/ICS world when evaluating the security of control systems. This third revision of SP 800-82 provides an overview of OT and typical system topologies, identifies typical threats to the organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks.

Updates in this revision also include:

  • Expansion in scope from ICS to OT
  • Updates to OT threats and vulnerabilities
  • Updates to OT risk management, recommended practices, and architectures
  • Updates to current activities in OT security
  • Updates to security capabilities and tools for OT
  • Additional alignment with other OT security standards and guidelines, including the Cybersecurity Framework (CSF)
  • New tailoring guidance for NIST SP 800-53, Rev. 5 security controls
  • An OT overlay for NIST SP 800-53, Rev. 5 security controls that provides tailored security control baselines for low-impact, moderate-impact, and high-impact OT systems.

Final comments are due on July 1, 2022, so expect revision 3 to be finalized soon after. The revision 3 draft can be downloaded at: https://csrc.nist.gov/publications/detail/sp/800-82/rev-3/draft


Hello All. Researchers at Claroty, a well-known OT passive monitoring vendor, have disclosed multiple critical vulnerabilities in vendor implementations of the Open Platform Communications (OPC) network protocol.

What is the OPC Protocol Anyway?

OPC lets a data source, such as a server, expose information to any client application in a standard way, without the client needing specific knowledge of the data source, such as its native communication protocol. Without it, each pair of diverse OT systems that must communicate needs its own protocol or driver; the OPC standard (originally OLE for Process Control) was developed to solve this.

OPC (the original specification, now called OPC Classic) is built on Microsoft's OLE/COM (Object Linking and Embedding / Component Object Model) object-oriented technology, carried across the network by DCOM. Its aim is integration between different applications, making the connection between different units in automation systems fast and reliable.

Claroty’s Findings

The vulnerabilities affect the following vendors and products: Softing’s Industrial Automation OPC library, Kepware PTC’s ThingWorx Kepware Edge and KEPServerEX OPC servers, and Matrikon’s Matrikon OPC Tunneller.

These three products are integrated into many other vendors' offerings as third-party components. For example, Softing's OPC library is used as a third-party OPC protocol stack by some vendors, and the KEPServerEX OPC Server is used as an off-the-shelf OEM solution by other well-known vendors, including Rockwell Automation and GE, both of which have published advisories informing their users of these security issues. We believe these vulnerabilities may affect multiple other products sold by vendors across all ICS vertical markets. Here is a list of the vulnerability CVEs:

Softing Industrial Automation GmbH

  • CVE-2020-14524: Heap-Based Buffer Overflow (CWE-122)
  • CVE-2020-14522: Uncontrolled Resource Consumption (CWE-400)

Kepware PTC

  • CVE-2020-27265: Stack-based buffer overflow (CWE-121)
  • CVE-2020-27263: Heap-based buffer overflow (CWE-122)
  • CVE-2020-27267: Use-after-free (CWE-416)

Matrikon (Honeywell) OPC DA Tunneller

  • CVE-2020-27297: Heap overflow due to integer overflow (CWE-122)
  • CVE-2020-27299: Information leak due to OOB read (CWE-125)
  • CVE-2020-27274: Improper check for unusual or exceptional conditions (CWE-754)
  • CVE-2020-27295: Uncontrolled resource consumption (CWE-400)
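Several of the CWEs above (heap overflow via integer overflow, uncontrolled resource consumption, missing checks for exceptional conditions) share one root cause: an untrusted length or count field drives an allocation and a copy without being validated first. The block below is an added example written for this post, not Claroty's proof of concept nor any vendor's code, and its wire format (a 4-byte little-endian item count followed by 16-byte items) is constructed for illustration and is not the OPC/DCOM wire format. It shows the vulnerable size computation next to a hardened parser that guards against overflow, caps the allocation, and checks the declared length against what was actually received.

```c
/* Added example: length-field integer overflow -> heap overflow, and the
 * hardened form. Message format is constructed for this demo, NOT OPC/DCOM. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define ITEM_SIZE 16u        /* each item is 16 bytes (constructed format) */
#define MAX_ITEMS 4096u      /* hypothetical policy cap on items per message */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: count * ITEM_SIZE is computed in 32 bits and wraps.
 * A count of 0x10000001 yields an allocation of only 16 bytes, while the
 * typical follow-up loop `for (i = 0; i < count; i++) memcpy(buf + i*16, ...)`
 * writes gigabytes past it. Only the wrapped size is returned here so the
 * bug can be inspected without actually corrupting the heap. */
static uint32_t vulnerable_alloc_size(const uint8_t *msg, size_t msg_len) {
    if (msg_len < 4) return 0;
    uint32_t count = rd32(msg);
    return count * ITEM_SIZE;            /* wraps when count >= 2^28 */
}

/* Hardened parser. Returns the number of items copied into *out (caller
 * frees), or -1 if the message is rejected. */
static int parse_items_safe(const uint8_t *msg, size_t msg_len, uint8_t **out) {
    *out = NULL;
    if (msg_len < 4) return -1;                       /* header must be present */
    uint32_t count = rd32(msg);
    if (count > MAX_ITEMS) return -1;                 /* resource cap (CWE-400) */
    if (count > UINT32_MAX / ITEM_SIZE) return -1;    /* explicit overflow guard */
    size_t bytes = (size_t)count * ITEM_SIZE;
    if (bytes > msg_len - 4) return -1;               /* declared vs. received */
    uint8_t *buf = malloc(bytes ? bytes : 1);
    if (!buf) return -1;
    memcpy(buf, msg + 4, bytes);
    *out = buf;
    return (int)count;
}

/* Constructed test-vector builder: count header + payload_len bytes of 0xAB.
 * Returns total message length, or 0 if buf is too small. */
static size_t build_msg(uint32_t count, size_t payload_len, uint8_t *buf, size_t cap) {
    if (cap < 4 + payload_len) return 0;
    buf[0] = (uint8_t)count;         buf[1] = (uint8_t)(count >> 8);
    buf[2] = (uint8_t)(count >> 16); buf[3] = (uint8_t)(count >> 24);
    memset(buf + 4, 0xAB, payload_len);
    return 4 + payload_len;
}

/* Constructed crafted message: count = 0x10000001 with just one item of payload. */
static const uint8_t CRAFTED[20] = {
    0x01, 0x00, 0x00, 0x10,
    0xAB, 0xAB, 0xAB, 0xAB, 0xAB, 0xAB, 0xAB, 0xAB,
    0xAB, 0xAB, 0xAB, 0xAB, 0xAB, 0xAB, 0xAB, 0xAB
};

/* Runs the three scenarios; returns 1 if every check behaves as expected. */
static int demo_checks(void) {
    uint8_t m[128];
    uint8_t *out = NULL;
    int ok = 1;

    /* 1. crafted count: vulnerable code would allocate 16 bytes, hardened rejects */
    ok &= (vulnerable_alloc_size(CRAFTED, sizeof CRAFTED) == 16u);
    ok &= (parse_items_safe(CRAFTED, sizeof CRAFTED, &out) == -1 && out == NULL);

    /* 2. well-formed message: 2 items, 32 payload bytes */
    size_t n = build_msg(2, 32, m, sizeof m);
    ok &= (parse_items_safe(m, n, &out) == 2 && out != NULL);
    ok &= (out && out[0] == 0xAB && out[31] == 0xAB);
    free(out); out = NULL;

    /* 3. declared length exceeds received bytes: 3 items claimed, 32 bytes sent */
    n = build_msg(3, 32, m, sizeof m);
    ok &= (parse_items_safe(m, n, &out) == -1 && out == NULL);
    return ok;
}

int main(void) {
    printf("wrapped alloc for crafted count: %u bytes\n",
           vulnerable_alloc_size(CRAFTED, sizeof CRAFTED));
    printf("all checks pass: %s\n", demo_checks() ? "yes" : "no");
    return demo_checks() ? 0 : 1;
}
```

The same three checks (overflow guard, policy cap, declared-versus-received length) are what to look for when reviewing any protocol stack that parses counts or lengths from the wire; the cap alone already makes the overflow guard unreachable here, but keeping it explicit survives a future change to MAX_ITEMS.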

Claroty is urging users of these products to upgrade to the latest versions to mitigate these vulnerabilities. Because OPC Classic rides on DCOM, OPC servers that cannot be patched promptly should at a minimum be reachable only from the hosts that actually need them.
