Johannes Greil, head of the SEC Consult Vulnerability Lab, told
SecurityWeek that an attacker who can exploit CVE-2023-28489 can take complete control of a device and they could potentially destabilize a power grid and possibly even cause blackouts by changing critical automation parameters. Threat actors could also leverage the vulnerability to implement backdoors. However, the expert noted that since these devices are mostly used in critical infrastructure environments, they are typically ‘strongly firewalled’ and are not accessible directly from the internet. “It cannot be ruled out though that some devices might be reachable through 3rd party support access connections or potential misconfigurations,” Greil explained.
Exploitation of CVE-2023-28489 can allow an attacker who has network access to the targeted device to gain full root access without any prior authentication. Exploitation of the flaw involves sending a specially crafted HTTP request to the targeted RTU. The US Cybersecurity and Infrastructure Security Agency (CISA) also published an
advisory in April to inform organizations about the vulnerability. Greil pointed out that Siemens Sicam products are among the first devices in the world to receive ‘maturity level 4’ certification in the Industrial Cyber Security category. This certification, IEC62443-4-1, indicates that security was an important factor throughout the design and development process and that the product has undergone rigorous testing. SEC Consult is currently not releasing any technical details to prevent malicious hackers from potentially misusing the information.
www.securityweek.com
