Technical Report: Gone in 20 Seconds – Overview of a Password Vulnerability in Siemens HMIs

09/08/2020
by Joseph Gardiner, et al.

Siemens produce a range of industrial human machine interface (HMI) screens which allow operators to both view information about and control physical processes. For scenarios where an operator cannot physically access the screen, Siemens provide the Sm@rtServer feature on HMIs, which, when activated, provides remote access either through their own Sm@rtClient application or through third-party VNC client software. Through analysing this server, we discovered a lack of protection against brute-force password attacks on basic devices. On advanced devices, which include a brute-force protection mechanism, we discovered an attacker strategy that is able to evade the mechanism, allowing for unlimited password guess attempts with minimal effect on the guess rate. This vulnerability has been assigned two CVEs: CVE-2020-15786 and CVE-2020-157867. In this report, we provide an overview of this vulnerability, discuss the impact of a successful exploitation, and propose mitigations to provide protection against this vulnerability. This report accompanies a demo presented at CPSIoTSec 2020.
