The Large Hadron Collider has used a SCADA platform revealed last month to contain holes that allowed attackers to gain 'full control' of industrial machinery.
Siemens developed patches for the SIMATIC WinCC Open Architecture application this month after researchers Sergey Gordeychik and Gleb Gritsa aired details of the vulnerabilities telling this publication it could be used to hijack energy, chemical and transportation systems.
The United States' computer emergency response team for industrial control systems (ICS CERT) later published an alert (ICSA-14-035-01) on the flaws which allowed attackers with network access to affected devices to perform remote code execution, traverse file systems and escalate privileges.
Those holes related the way passwords were encrypted and stored in the software's Project database.
The ICS CERT noted the severity of the flaws varied depending on architectures and recommended organisations evaluate how it may impact them.
Siemens WinCC OA has since 2001 been used to monitor "all technical processes" at CERN, including control and monitoring of experiments in the Large Hadron Collider, the world's biggest particle accelerator famous for discovering a particle consistent with the Higgs Boson last year.
Control Engineering Europe reported that the SCADA system handled 10 million input/output monitoring channels processed by hundreds of systems.
The first vulnerability (CVE-2014-1696) allowed attackers to break project users’ password hashes and escalate privileges within the affected WinCC OA server application.
Three other vulnerabilities (CVE-2014-1698, CVE-2014-1697 and CVE-2014-1699) were found in an integrated web server which could allow attackers to traverse through the server's file system, conduct remote code execution and launch denial of service of a monitoring service by sending crafted packets and malformed HTTP requests over the network.
Siemens said users should update to version 3.12 of Simatic WinCC Open Architecture and to install the patch - 'P002 January'.
"As a general security measure Siemens strongly recommends to protect network access to the Simatic WinCC Open Architecture server with appropriate mechanisms," the advisory stated.
"It is advised to follow recommended security practises and to configure the environment according to operational guidelines [pdf] in order to run the devices in a protected IT environment."
The US ICS CERT recommended organisations:
- Minimise network exposure for all control system devices and systems, and ensure that it was not accessible from the internet,
- Locate control system networks and remote devices behind firewalls, and isolate it from the business network,
- And when remote access is required, use secure methods, such as virtual private networks, recognising that VPNs were only as secure as the connected devices.
