Vulnerability exploitable by a remote attacker

Jun 3, 2015 15:28 GMT  ·  By
M-6280A voltage regulator and M-6200 digital capacitor bank controller are affected

A vulnerability in six products from Beckwith Electric, including voltage regulators and digital capacitors, has been addressed by the company by releasing firmware updates.

Beckwith Electric provides solutions for producing, transmitting and distributing electric power to different organizations. The impact of the vulnerability depends on the operational environment, architecture, and product implementation of each entity.

Attacker can spoof TCP connection

The security flaw can be exploited remotely and could allow an attacker to halt the devices and hijack sessions.

Credited for the discovery of the security hole are Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, who found that the affected devices generate predictable TCP initial sequence numbers.

An attacker exploiting the flaw would be able to spoof TCP connections by predicting the correct TCP initial sequence numbers from previous values.
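To make the "predictable initial sequence numbers" point concrete from the defender's side, the following is an added example (not code from the article, the researchers, Beckwith Electric or ICS-CERT). It triages a list of ISNs observed from successive connections to one device into crude predictability classes, and contrasts that with an RFC 6528-style generator (ISN = clock + hash of the 4-tuple and a secret), which is how modern TCP stacks avoid the problem. The device ISN samples, the classification thresholds, the secret and the IP addresses and ports are all constructed for illustration; the PRF used is HMAC-SHA256 rather than the MD5 named in RFC 6528.

```python
import hashlib
import hmac

MOD = 1 << 32  # ISNs are 32-bit, so arithmetic wraps


def isn_deltas(isns):
    """Modular differences between consecutive observed ISNs."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def classify_isn_sequence(isns, window=1 << 16):
    """Triage ISNs seen on successive connections to one device.

    'fixed-increment': every delta is identical (a plain counter).
    'clock-bounded':   deltas vary only within `window`, i.e. the next ISN
                       still falls in a small guessable range.
    'unpredictable':   deltas spread across the 32-bit space.
    The window threshold is a constructed heuristic, not a standard value.
    """
    if len(isns) < 3:
        raise ValueError("need at least three observations")
    deltas = isn_deltas(isns)
    if len(set(deltas)) == 1:
        return "fixed-increment"
    if max(deltas) - min(deltas) < window:
        return "clock-bounded"
    return "unpredictable"


def rfc6528_isn(local_ip, local_port, remote_ip, remote_port, secret, clock_us):
    """RFC 6528 scheme: ISN = M + F(local_ip, local_port, remote_ip,
    remote_port, secret). M is a 4-microsecond counter; F is a keyed hash
    truncated to 32 bits. HMAC-SHA256 stands in for the RFC's MD5 here."""
    m = (clock_us // 4) % MOD
    tuple_bytes = f"{local_ip}:{local_port}->{remote_ip}:{remote_port}".encode()
    f = int.from_bytes(hmac.new(secret, tuple_bytes, hashlib.sha256).digest()[:4], "big")
    return (m + f) % MOD


# Constructed sample 1: a device that adds a fixed 64000 to the previous ISN.
COUNTER_DEVICE_ISNS = [(0x1A2B0000 + 64000 * i) % MOD for i in range(8)]

# Constructed sample 2: a timer-driven device whose deltas jitter slightly
# around 64000; the next ISN is still confined to a narrow window.
_TIMER_DELTAS = [64000, 64250, 64125, 64500, 64010, 64330, 64080]
TIMER_DEVICE_ISNS = [0x3C4D0000]
for _d in _TIMER_DELTAS:
    TIMER_DEVICE_ISNS.append((TIMER_DEVICE_ISNS[-1] + _d) % MOD)

# Constructed secret; a real stack draws this from a CSPRNG at boot.
SECRET = b"example-secret-not-for-production"


def sample_rfc6528_isns(n=8, clock_us=1_000_000):
    """ISNs an RFC 6528 stack hands to n connections from different client
    ports that arrive in the same clock tick (addresses/ports are placeholders)."""
    return [
        rfc6528_isn("10.0.0.5", 1024 + i, "10.0.0.9", 5000, SECRET, clock_us)
        for i in range(n)
    ]


if __name__ == "__main__":
    for name, isns in [
        ("counter device", COUNTER_DEVICE_ISNS),
        ("timer device", TIMER_DEVICE_ISNS),
        ("RFC 6528 stack", sample_rfc6528_isns()),
    ]:
        print(f"{name:15s} -> {classify_isn_sequence(isns)}")
```

The first two samples model the kind of behaviour the advisory describes: once a few ISNs are known, the next one is either exactly determined or confined to a tiny range. With the keyed-hash scheme, connections arriving in the same clock tick still receive ISNs that differ by unrelated 32-bit amounts because each 4-tuple feeds the hash, so observing one connection's ISN says nothing useful about another's.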

On the list of the affected products are the M-6200 and M-6200A Digital Voltage Regulator Controllers, the M-2001D Digital Tapchanger Controller, and the M-6283A Three Phase, M-6280A, and M-6280 Digital Capacitor Bank Controllers.

All firmware versions of the last product on the list are affected. A notification has been released for the M-6280, and customers are required to log into their Beckwith Electric account to get the update. For the other devices, only firmware versions prior to the corresponding latest release are vulnerable.

Measures for improved defenses

ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) recommends in a security advisory some defensive measures, apart from applying the patch.

One of the recommendations is to improve protection against packet sniffing by implementing a bump-in-the-wire solution for secure communication between endpoints. Isolating critical parts of the network via demilitarized zones and firewalls is also on the list.

Other than this, organizations should apply the regular precautionary measures, like minimizing network exposure for control systems and making sure that they cannot be accessed from the Internet. Also, the business network should be properly isolated from the production network and a VPN solution is recommended for remote access.