Operational technology security company Nozomi Networks has observed three security flaws in a model of a machinery detection system used by a number of Australian energy and industrial organisations.
The three vulnerabilities could allow a threat actor to get around the hardware’s authentication systems by “simply crafting and sending a malicious request”.
The hardware in question – Baker Hughes’ Bently Nevada 3500 machinery protection system – is designed to provide continuous monitoring of rotating machinery and to prevent missed and false trips. It’s basically designed to prevent mechanical failures.
Nozomi Networks focused in particular on the hardware’s Transient Data Interface, which handles Ethernet communications via a proprietary cleartext protocol. Its researchers set up a test bed device with both access- and configuration-level password protection and then reverse-engineered the proprietary protocol, looking for weaknesses.
Nozomi found one high-risk vulnerability and two medium-risk ones, which it immediately disclosed to the vendor.
The high-risk flaw lets a threat actor extract both passwords via a simple malicious request, leading to the machinery being fully compromised. Network access is required for the trick to work.
“This could impact the confidentiality, integrity, and availability of processes and operations since extracted information can be leveraged to craft authenticated requests toward the target,” Nozomi’s researchers said in a statement.
Both medium-risk vulnerabilities also rely on the threat actor gaining network access, but if they do, these flaws could lead to authentication keys being compromised by man-in-the-middle attacks.
The three vulnerabilities remain unpatched at the time of writing, but Bently Nevada – a Baker Hughes subsidiary – has contacted its customers and is providing mitigation advice to reduce their impact.
Nozomi “recommends asset owners review the hardening guidelines provided by Baker Hughes to confirm or improve the security posture of their operations”.