Skip to content

SCADAfence Researchers Discover a DoS Vulnerability in all of ABB’s AC500 V2 products

Our Researchers Discover Another Vulnerability 

As part of our mission to secure the world’s OT, IoT and Cyber Physical infrastructures, we invest resources into offensive research of vulnerabilities and attack techniques.

CVE-2020-24685 is a CVSS 8.6 (CVSS v3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) remote CPU DoS vulnerability in all of ABB’s AC500 V2 products with onboard ethernet are affected by this vulnerability (with latest firmware v2.5.4) that has been discovered by SCADAfence researcher Yossi Reuven.

ABB is one of the world’s leading electronics and electrical equipment manufacturing companies (holding an overall share in the world DCS market of 19.2%), and is in use by many of our customers. 

About The Vulnerability – CVE-2020-24685

AC500 V2 Series is one of ABB’s PLC offerings – designed as a compact entry-level PLCs for small applications. AC500 V2’s communication with Automation Builder (Engineering software package) is done via ABB proprietary wrapper protocol encapsulation of CoDeSys SDE protocol (which works on both TCP and UDP). 

A single specially crafted packet sent by an attacker over the ABB protocol on port 1200 will cause a denial-of-service (DoS) vulnerability. The PLC’s CPU will get into fault mode, causing a hardware failure. The PLC then becomes unresponsive and requires a manual (physical) restart to recover. In addition, the buffer overflow condition may allow remote code execution.

What SCADAfence Recommends Asset Owners To Do

Perform an Industrial Vulnerability Management Process

Please refer to our guide on this topic: https://www.scadafence.com/public-preview-a-comprehensive-guide-to-industrial-device-patching/

Monitor for Unauthorized Network Activity and Exploitation

Some devices will always remain unpatched. Monitoring is an early warning system that allows you to act before attackers have gained full control over your network.

Upgrade to the Latest Firmware

ABB has developed a new firmware version 2.8.5 fixing this vulnerability. This firmware version is released for the following affected PLC types:
* PM573-ETH
* PM583-ETH

Currently no firmware update is available to other products in the AC500 V2 line. When ABB makes such a patch available, we recommend asset owners to consider upgrading.

Prevent Unauthorized and Untrusted Access

– Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.

– Use within a LAN and block access from untrusted networks and hosts through firewalls.

Special Thanks & Recognition

The SCADAfence Research team would like to thank the ABB team for the collaboration.

ABB has published the advisory and released a firmware update to part of the product line.

SCADAfence is committed to continued research of offensive technologies and development of new defensive technologies.

Exploit PoC

We wrote a Python POC (GPLv3) script of the exploit in action.

Currently, there’s no patch available. As a result, we limit the access to the exploit to vetted individuals only. The exploit is only available for educational and legal research purposes.

Warning: The script will crash the PLC’s CPU – do not use it in production.

To get this free python exploit, please send an email to research@scadafence.com, identify yourself and explain how you’re going to use the exploit. We reserve the right to refuse any request.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Scale Computing Named a “Leader” and “Outperformer” in the GigaOm Radar Report for Hyperconverged Infrastructure: Small-to-Medium Enterprises and Edge

INDIANAPOLIS – January 20, 2021 – Scale Computing, a market leader in edge computing, virtualization and hyperconverged solutions, today announced that GigaOm has named the company both a “leader” and “outperformer” in its most recent report, “GigaOm Radar for Hyperconverged Infrastructure: Small-to-Medium Enterprises and Edge.” The report takes a comprehensive view of how well Hyperconverged Infrastructure (HCI) solutions serve small to medium enterprises (SME), edge, and Remote office/branch office (ROBO) market segments. The report can be downloaded here.

 

The Radar report recognizes that Scale Computing offers a complete end-to-end solution based on its own virtualization stack, which is designed for small, medium, and large distributed enterprises with a particular focus on edge use cases. Scale Computing offers a self-healing platform for autonomously running applications at the edge, with a small, all-flash, NVMe storage-based compute appliance that delivers all of the simplicity, efficiency, and enterprise-ready virtualization associated with Scale Computing’s HC3 platform. Built specifically for sites that need highly available infrastructure, the HE150 can be deployed almost anywhere, without requiring a rack or server closet. While taking up only the space needed to stack three smartphones, it provides a fully functional, integrated platform for running applications that includes high availability clustering, rolling upgrades, and integrated data protection.

“The edge requires a combination of enterprise-grade application reliability, autonomous management, and self healing due to the limited IT resources available at the edge, and a form factor that makes sense for the environment. This is a tricky combination, but Scale Computing has delivered,” said Enrico Signoretti, Research Analyst, GigaOm.

“We are honored to be named both a “Leader” and an “Outperformer” in the first GigaOm Radar for Hyperconverged Infrastructure: Small-to-Medium Enterprises and Edge. As technology pushes its way into every part of business, the need for edge computing to support an application-driven world is expanding. The Scale Computing platform runs applications at maximum uptime where, due to a combination of location and lack of IT resources, it was previously not feasible. Its use cases include retail, grocery, educational facilities, local government offices, medical offices, ocean going vessels, and manufacturing shop floors – the possibilities are endless,” said Jeff Ready, CEO and co-founder, Scale Computing.

 

This news follows exciting award wins and industry recognition for the company, including:

  • TechTarget’s Storage Magazine & SearchStorage.com selected Scale Computing as a finalist for its annual Products of the Year Awards for 2020 for the HE150 in Hyper-converged & Composable Infrastructure.
  • TrustRadius recognized Scale Computing with a 2021 Best Feature Set Award, a 2021 Best of Customer Support Award, and a 2021 Best Usability Award. This trifecta of awards highlights the few companies with outstanding feature sets that have gone above and beyond to delight their users. The company ranked first in all three categories.
  • The HE150, powered by Scale Computing’s HC3 Edge software platform, is a winner of the CRN 2020 Product of the Year Awards in the Internet of Things category.
  • Gartner Inc. included Scale Computing in the December 2020 Magic Quadrant for Hyperconverged Infrastructure Software. Scale Computing has been recognized in all editions of this Magic Quadrant since Gartner introduced it. Scale Computing has also been highly rated and reviewed by customers on Gartner Peer Insights.
  • Listed in Inc’s 1000 Largest and Most Inspiring Private Companies.
  • Winner in both the Edge Computing category, newly added this year, and the Converged/ HyperConverged Infrastructure category, of the 2020 CRN Annual Report Card (ARC) Awards. This is the second consecutive year Scale Computing has been recognized as a CRN ARC Award winner.

Scale Computing believes that it is the top choice over its competitors for many customers due to the simplicity, efficiency and innovation of Scale Computing HC3. Specifically:

  • Simplicity – Scale Computing customers rave about how simple it is to implement and deploy HC3. The simplicity of the self-healing platform, driven by automation and machine intelligence, allows Scale Computing customers to focus on other strategic projects rather than infrastructure maintenance.
  • Efficiency – Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications.
  • Innovation – Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects problems in the infrastructure in real-time, enabling applications to achieve maximum uptime even when local IT resources and staff are scarce. This innovation makes HC3 simple for IT teams to manage and administer.
  • Value – HC3 makes IT infrastructure reliable, manageable and affordable by giving organizations more system uptime while requiring significantly less maintenance and administration than legacy alternatives.

The GigaOm Radar Report for Hyperconverged Infrastructure: Small-to-Medium Enterprises and Edge can be downloaded here.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Scale Computing 
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications. Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime. When ease-of-use, high availability, and TCO matter, Scale Computing HC3 is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate and TrustRadius.

ESET Internet Security recognized with Outstanding Product Award by AV-Comparatives

BRATISLAVA – ESET, a global leader in cybersecurity, has received recognition with an Outstanding Product Award in AV-Comparatives’ Public Consumer Main Test Series for 2020. ESET Internet Security was assessed by the leading independent test lab, achieving Advanced+ level in all of AV-Comparatives’ tests.

For the 2020 Public Consumer Main Test Series, AV-Comparatives subjected 17 consumer security products for Windows to rigorous investigation. Programs were tested for their ability to protect against real-world internet threats, identify recent malicious programs, defend against advanced targeted attacks, and provide protection without slowing down PCs.

As well as receiving an Outstanding Product Award, ESET Internet Security received the Gold Award for False Positives, producing just five false positives and scoring higher than any other solution. It also earned Silver Awards for Malware Protection and Advanced Threat Protection.

Reviewers of the software were impressed with the solution’s ease of use and its clean and easy-to-navigate interface. They also commended ESET Internet Security for the useful search function of its settings dialog and the range of advanced options, as well as its safe default settings. They noted that the real-time file system protection is sensitive and reacts very quickly when needed, and highlighted the “excellent” help features.

Commenting on the results, Matej Krištofík, Product Manager for Home Windows, said: “Here at ESET, we are dedicated to safeguarding consumers and their data, and this award is a testament to that commitment. To protect consumers across the globe from cyber-risks, technology must be easy to deploy and navigate, so we are very proud that ESET Internet Security has been recognized for its ease of use. With technology taking up more room in our lives than ever before, ESET balances cutting-edge protection with an intuitive interface, and these results reflect this.”

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

The function of API’s in the integration between the solutions

Digital transformation offers a series of benefits for companies of all sizes and industries. However, the results achieved by this transformation are not obtained without challenges. The new digital age has led to an exponential increase in the amount of data, applications, and systems. And they all need to communicate continuously and securely so that the benefits of digital transformation are achieved. 

The integration of these applications and systems through APIs allows applications to communicate and share information.

Using an API-based integration to create and manage connections between applications is extremely challenging. API integration allows a solution to develop and provide connections between all the applications and systems that your company needs to connect with nowadays. 

Find out below the role of APIs in the integration between solutions and learn about the main challenges associated with this technology.

What is an API?

In general terms, an API (Application Programming Interface) is a set of programming instructions that allows a software application to communicate directly with another. Through this communication, one application can cause the other to perform a variety of tasks, from returning a reply to a specific query to starting a more complex procedure.

Here is an analogy that can help you understand the concept. Imagine sitting in a restaurant and reading the menu. While the menu lists everything you can order, the real ingredients and activities needed to prepare the meal are stored in the kitchen.

To access the meal, you place an order with a waiter or waitress, who takes the order back to the kitchen staff. When the food is ready, they will take it to you. In this way, the APIs are like the waiting team, while the menu and the kitchen are like the different applications.

Where are the APIs used?

The examples of APIs in action are numerous. Did you order a ride on Uber? You can thank the APIs for making this possible. They are the ones that allow the ride-sharing app to communicate seamlessly with Google Maps and any form of payment you choose, so you can select a location, ask for a ride and pay for the service, all in one place.

In the payments industry, APIs allow people to make payments online, check when bills expire, control their finances, and conduct a variety of other payment-related activities. In fact, almost all online activities depend on APIs in some way.

The importance of API documentation

To use the services enabled by the APIs, consumers only need to interact with whatever interface they are using. Take Google search as an example. To successfully search for something on Google, the user does not need to know what is going on behind the scenes, so to speak. They just need to know how to navigate the interface.

For developers, it is an entirely different matter. Consider a developer who designs a new app for consumers looking to control their finances. The software engineer needs to configure the application so that it can successfully communicate with the user’s bank via that bank’s API. To make this work, the software developer needs to know what information the bank’s API requires and what responses (or actions) the bank will provide.

Fortunately for developers, APIs must be properly documented. This API documentation should provide technical instructions on how to connect and use an API effectively, and detail exactly what an application needs to send to the API to make it work and what the possible results are.

The restaurant analogy above can help illustrate the importance of documentation. You cannot order an appetizer by saying something meaningless to the waiter. In addition, the options available to you depend on what is on the menu and what ingredients are in the kitchen. If you start ordering items that are not on the menu or order something that is out of stock, you will not get what you want. Therefore, the menu, combined with knowing how to order correctly with the waiter, serves as documentation.

Challenges with APIs

Going back to the example of a developer who creates a financial management application, the application needs to be able to speak to different banks. Since each bank can have its own API, the developer must be familiar with the documentation for each API. What works for one bank may not work for another.

Other challenges related to the use of APIs for integration between solutions are:

Technological Complexity

The development of a seamless integration module requires extensive knowledge of technology. Finding a highly-qualified and experienced development team, willing to elaborate the integration for your system, is one of the biggest challenges for your project. 

Security Risks

Cybersecurity is a major concern for companies. The results of API abuse, such as breaches and data loss, can affect a company’s reputation and finances, not to mention the damage that can be done to end customers. Data breach methods are becoming more sophisticated, which means that improper integration can become a gift for people with malicious intent. That is why keeping your integration secure with another system requires constant control and improvement. 

Maintenance and Upgrade

When integration between the system is established, this is not the end of the story. You will need IT staff or at least one developer to maintain and update the integration. Otherwise, any functional changes made to the system can disrupt the entire process of accessing and handling data. Besides, your customers can request personalized modifications and improvements at any time.

Systems Diversity

There is a wide range of styles of software and API architecture. Given that each system has its specific logic, each integration has its unique challenges. When it comes to integration with multiple platforms, it takes a lot of time and extensive knowledge to learn each of the systems. Therefore, if you are planning multiple integrations, you should be aware that establishing a connection with each terminal will not be faster or easier than with the previous ones.

Conclusion

APIs are essential for digital transformation and the creation and development of innovative business models. They are the foundation of the application economy, which can be developed faster, better, and at a lower cost.

APIs allow software to be complemented with third-party digital products or services to facilitate development. Also, a good API can help expand your brand’s presence in the market.

Even though, with the increased use of APIs, there is also a great potential for more security holes. The risk is great in most companies because the development team pays more attention to items such as functionality and agility than to the security aspect. 

Therefore, developers need to understand the associated risks to keep customers’, suppliers’, partners’, and employees’ data secure, as well as create guides to ensure that developing their APIs does not create cybersecurity problems.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

ESET discovers operation SignSight: Supply-chain attack against a certification authority in Southeast Asia

BRATISLAVA, MONTREAL – ESET Research discovered another supply-chain attack in Asia, this time on the website of the Vietnam Government Certification Authority (VGCA). The attackers modified two of the software installers available for download on this website by adding a backdoor in order to compromise users of the legitimate application. Supply-chain attacks appear to be a quite common compromise vector for cyberespionage groups. Cybercrime operation SignSight leverages malware known as PhantomNet or Smanager.

“In Vietnam, digital signatures are very common, as digitally signed documents have the same level of enforceability as wet signatures. In addition to issuing certificates, the VGCA develops and distributes a digital signature toolkit. It is used by the Vietnamese government, and probably by private companies, to sign digital documents. The compromise of a certification authority website is a good opportunity for APT groups, since visitors are likely to have a high level of trust in a state organization responsible for digital signatures,” explains Matthieu Faou, one of ESET’s researchers investigating the SignSight operation.

The PhantomNet backdoor is quite simple and is able to collect victim information (computer name, hostname, username, OS version, user privileges [admin or not], and the public IP address) as well as install, remove and update malicious plugins. These additional and more complex plugins are probably only deployed on a few selected machines. By also installing the legitimate program, the attackers make sure that this compromise won’t be easily noticed by end users.

ESET researchers uncovered this new supply-chain attack in early December 2020 and notified the compromised organization and the VNCERT. We believe that the website ceased delivering compromised software installers at the end of August 2020. The Vietnam Government Certification Authority confirmed that they were aware of the attack before our notification and that they notified the users who downloaded the trojanized software.

ESET has seen victims in the Philippines in addition to Vietnam.

For more technical details about operation SignSight, read the blog post “Operation SignSight: Supply- chain attack against a certification authority in Southeast Asia” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×