Magelis HMI security vulnerability exposed
Security researchers have discovered a second serious vulnerability linked to the Schneider Electric Magelis series of HMIs. It follows an earlier, though unrelated disclosure of security vulnerabilities in Schneider Unity simulator (PLC programming framework).
Dubbed PanelShock by the security researchers at Check Point and cybersecurity start-up Critifence, the problem only occurs when the Web Gate Server function is activated, although by default, this function is disabled. Vulnerabilities of the physical HMI hardware affect all the Magelis HMI series, and do not require any software to be installed on the target server.
Web Gate web services
Vulnerabilities in the Web Gate web service of the Magelis HMI panels series enable an attacker to “freeze” the panel remotely and disconnect the HMI from the SCADA network. While under attack via a malicious HTTP request, the HMI may be rendered unable to manage communications due to high resource consumption. This can lead to a loss of communications with devices such as PLCs, which can cause the supervisor or operator to perform improper actions, which may further damage the factory or plant operation. To recover, a reboot of the HMI is required.
Schneider Electric has confirmed what it describes as a potential DDoS risk. The firm has pushed out a Security Bulletin offering mitigation advice to customers. A more comprehensive fix is not due for four months until next March 2017.
PanelShock zero-day vulnerabilities were discovered in April 2016 by Eran Goldstein, CTO and Founder of CRITIFENCE. A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero-day attack.
The following Schneider Electric Magelis Advanced HMI Panels are affected:
– Magelis GTO Advanced Optimum panels
– Magelis GTU Universal panel
– Magelis STO & STU Small panels
– Magelis XBT GH Advanced Hand-held Panel
– Magelis XBT GK Advanced Touchscreen Panels with Keyboard
-Magelis XBT GT Advanced Touchscreen Panels
-Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe)
For more information and mitigation actions on Magelis HMIs, refer to the Security Notification
Recent blog posts