Stratos Ally

Cybersecurity Threat: MMS Protocol Libraries Vulnerable to Exploitation 

StratosAlly

Imagine a scenario where a single flaw could bring entire factories to a standstill or allow hackers to take control of industrial machines from afar. This is not science fiction; it is a real danger, as uncovered by cybersecurity experts Mashav Sapir and Vera Mens at Claroty. They have found critical weaknesses in the technology that helps industrial systems communicate, flaws that could let attackers crash essential equipment or, even worse, run harmful commands from a distance. 

MMS (Manufacturing Message Specification), a crucial messaging protocol in industrial environments, facilitates communication between supervisory control systems and devices like PLCs (Programmable Logic Controllers). These systems control everything from power grids to factory automation, making their security paramount.

Claroty identified five major vulnerabilities in two popular MMS libraries—MZ Automation’s libIEC61850 and Triangle MicroWorks’ TMW IEC 61850. The most critical of these vulnerabilities, CVE-2022-2970 and CVE-2022-2972, scored a severity rating of 10.0 and could allow attackers to crash devices or even take full control. 

For example, imagine a power plant using MMS to communicate with its control systems. A hacker exploiting these flaws could crash a key device, causing power outages or even a complete shutdown of operations. Worse still, with remote code execution, they could manipulate the plant’s processes. 

Even Siemens SIPROTEC 5 Intelligent Electronic Devices (IEDs) were found vulnerable due to reliance on an outdated MMS stack. Fortunately, Siemens released a firmware update in December 2022 to mitigate the risk. 

The threat is further magnified by similar vulnerabilities in other protocols like ESP-NOW, which powers security systems in buildings. These weaknesses underline the need for vendors to adopt up-to-date security measures and follow best practices to protect critical infrastructure from cyberattacks. 

In the race between technology and security, the gaps are widening. Will industry leaders catch up? 
