CyberLAB detects and fixes another network security issue.
2021.05.24 10:25 - Marek PawłowskiThe CyberLAB team discovered a vulnerability in the firmware of Schneider Electric’s M241 and M251 PLCs. It allowed a buffer overflow in a controller with a special HTTP request and consequently caused its failure. The device requires a restart in order to restore operation. For controllers responsible for critical production operations, such sudden, unplanned downtime can have serious financial and safety implications. Given the relative ease of exploiting the driver in case of having access to a device, it Was important to eliminate the vulnerability for secure device operation.
In line with responsible disclosure best practices, the CyberLAB team has reported this vulnerability to the Schneider Electric security team at first, providing full bug documentation, and held public disclosure of the details until the manufacturer issued a fix. The error has been assigned CVE-2021-22699 number and the details and relevant recommendations have been published at: https: //download. schneider-electric. com/files? p_Doc_Ref=SEVD-2021-130-05. The manufacturer expressed appreciation for NCBJ staff for their assistance in identifying the vulnerability and coordinating efforts to remediate it.
„In the CyberLAB laboratory, a technique called fuzzing of fuzzing testing is used to search for vulnerabilities. The method consists of sending a large number of appropriately modified data packets to the device following the selected communication protocol and observing whether there are any unexpected results” – explains eng. Jakub Suchorab. He also adds: „This is not the first big success of our team. In 2018, we came across another vulnerability in commonly used controllers, for instance, in nuclear installations. Our work strengthens cybersecurity in every field of industry and science”.
The CyberLAB laboratory Was established as a result of the participation of the National Center for Nuclear Research in the „Enhancing Computer Security Incident Analysis at Nuclear Facilities” program, which Was conducted by the International Atomic Energy Agency. The goal of the laboratory is to test industrial devices, including searching for vulnerabilities in programmable logic controllers (PLCs) commonly used in all industrial automation installations.
The CyberLAB team is constantly involved in testing more industrial devices. In addition, the laboratory is being expanded with appropriate equipment and competencies and is reporting readiness to provide customized cybersecurity services, specifically:
- Searching for vulnerabilities in devices provided by the customer using fuzz testing method. The offer covers a wide range of communication protocols (including industrial ones) and technical analysis of the vulnerabilities. Testing PLCs, firewalls, network devices, industrial Internet of Things (IoT) is part of the offer.
- Testing the effectiveness of security solutions such as anomaly detection systems in industrial networks. Due to experience in vulnerability testing, it is possible to Test the response of security systems to real exploitations happening in the infrastructure, including both singular vulnerabilities and complex attacks.
The laboratory infrastructure allows to simulate complex industrial and corporate environments.