Security News > 2020 > July > NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

The U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module.

Corresponding with the NSA/CISA alert is an ICS-CERT advisory about a handful of bugs, one critical and ranking 10 out of 10 on the CvSS vulnerability-severity scale, in Triconex SIS equipment from Schneider.

In 2017, a Middle Eastern oil and gas petrochemical facility was hit with a malware called TRITON, which exceeded other industrial cyberattacks because it directly interacted with and controlled the Triconex SIS. Because the SIS is the last line of automated safety defense for industrial facilities shutting it down paves the way for a destructive, physical attack that's unhampered by failsafe mechanisms.

The critical bug is an improper access control flaw: "A legacy debug port account in TCMs installed in Tricon system Versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access."

"OT assets are critical to the Department of Defense mission and underpin essential National Security Systems and services, as well as the Defense Industrial Base and other critical infrastructure," it reads.

News URL

https://threatpost.com/nsa-urgent-warning-industrial-cyberattacks-triconex/157723/