Expert Analysis Of Serious Vulnerability Discovered In Profinet Industrial Communication Protocol

serious vulnerability was recently found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service (DoS) attacks.

The high-severity vulnerability was discovered last year by researchers at OTORIO, who found that an attacker could easily cause devices to enter a DoS condition — in some cases requiring a hard restart for recovery — by sending legitimate Profinet packets over the network.

According to the researchers, the vulnerability is so easy to exploit that it may be triggered by accident by an employee who misconfigures the network and can result in serious disruptions to operational processes.

The company’s researchers have confirmed that the vulnerability impacts products from Siemens and Moxa that use Profinet, but they believe products from other vendors may be affected as well. Tens of thousands of devices may be at risk of attacks, but warned that exploitation of the vulnerability is “almost impossible to detect.”


EXPERTS COMMENTS
Younes Dragoni, Security Researcher ,  Nozomi Networks
February 19, 2020
Organisations need to increase monitoring on their network.
As the advisories are saying, this vulnerability is quite severe and it’s affecting the well-known protocol: Profinet-IO. Specifically, when multiple legitimate diagnostic requests (discovery packets) are sent to the DCE-RPC interface. This protocol is mainly used to define the entire communication exchange (variables) between IO-Controllers (control devices: PLCs, DCS, etc.) and the IO-Devic ....
[Read More >>]

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :




In this article