Hi Checkmates,

Almost on weekly bases we get notifications about new detected vulnerabilities related to OT/ICS equipment. In several cases these vulnerabilities make a huge buzz in the market, like we noticed with the VxWorks Urgent/11. In most cases it takes significant amount of time for the vendors to deliver patches to solve the vulnerabilities and on the same time we shouldn’t forget the fact that OT/ICS customers don’t patch their equipment.  

Attached you can find the recently released notification by Schneider electric concerning a vulnerability at high-end PLC M580. The reason I share with you the info, is not because this vulnerability is special, but to show you how simple the vendor remediation instructions are and even more important how it correlate with our story.

1. Set up network segmentation and implement a firewall to block all unauthorized access to port 80/HTTP on the controllers.
2. Locate control and safety system networks and remote devices behind firewalls, and isolate them from the business network.
3. All methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. should be scanned before use in the terminals or any node connected to these networks
4. Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
5. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

Next time you will need to address this issue with your customers, please don’t forget to show this example for the customer.