Critical flaw in Siemens’ energy sector ICS

Siemens recently published a security warning on a critical flaw in some of its energy sector ICS. SEC Consult, a subsidiary of Eviden, Atos’ cybersecurity branch, identified the vulnerability: it is believed to enable an attacker who is connected to the same online network to gain control of the equipment.

These ICS are particularly present in electrical substations. Therefore injecting malware code could “disrupt power grids, even trigger power outages, by changing critical automation controls,” explained Siemens. Cybercriminals could also very easily install backdoors on infected ICS.

Nevertheless, SEC Consult was reassuring on the matter. These ICS are for the most part found in infrastructure that is deemed critical, therefore equipped with proper firewalls, and not directly connected to the Internet. “However, we can’t rule out that some devices may be accessed through third party connections to the system or potential faulty setups,” explains Johannes Greil, head of the vulnerability lab at SEC Consult.

The cybersecurity firm never released technical details on the flaw to avoid drawing the attention of cybercriminals. It also stated it had identified other, lesser, vulnerabilities in Siemens’ ICS software, and was in the process of patching them.