Claroty reveals exploitable vulnerabilities in GE Proficy Historian

Claroty

Friday, 20 January, 2023
Claroty reveals exploitable vulnerabilities in GE Proficy Historian

Claroty’s Team82 cybersecurity research team has announced that it has uncovered five exploitable vulnerabilities in GE Proficy Historian.

Historian servers have a long reach within enterprise networks. These critical databases not only store data collected from industrial control systems, but they also extend to the corporate network by sharing information with ERP systems and analytics platforms. When security researchers — and attackers — talk about crossing over from enterprise systems to operational technology networks, historian servers are often a bridge they navigate.

To better understand this attack surface, Team82 researched GE’s Proficy Historian, which collects, stores and distributes time-series and engineering data. Industrial automation operations generate important data about the health of assets and processes, and historian servers play a considerable role in processing and analysing that information on-premises or in the cloud in order to understand and improve process efficiency.

For a determined attacker, information such as process control, performance and maintenance data has considerable value. Attackers would target historian servers in order to:

  • Gather intelligence about industrial processes.
  • Use their access for financial gain.
  • Manipulate an automation process by changing or deleting data in order to disrupt operations.
  • Damage equipment or endanger operators.
  • Exploit the pivot point to the OT network.
     

The research uncovered five vulnerabilities — including authentication bypasses, file manipulation, and remote code execution bugs — that allowed Team82 to access a test pharmaceutical network in its lab and modify records.

Team82 privately reported the five vulnerabilities in GE Proficy Historian, which have a cumulative CVSS v3 severity score of 9.8. The flaws can enable an attacker to access a GE Proficy Historian server, modify files, disrupt processes and crash machines.

GE said GE Proficy Historian v8.0.1598.0 is affected, and it has mitigated all of the vulnerabilities in the recently released GE Proficy Historian 2023. Users are urged to upgrade in order to be protected.

The ICS-CERT’s security advisory may be found here, and more detail about the vulnerabilities can be found from Claroty here.

Image credit: iStock.com/iambuff

Related News

Popular OT/IoT router firmware images exploitable: report

New research from Forescout and Finite State examines the state of the software supply chain in...

NVIDIA announces GenAI and services to support digital twins and robotics

NVIDIA has announced major advancements to OpenUSD that will expand its adoption to robotics,...

LG expands smart factory solutions business

Integrating AI with the company's 66-year manufacturing experience, LG is now extending its...

Content from other channels on our network

SULO bins turn circular using recycled content

Government funds high-tech sorting facility in WA

RMIT program for sustainable building design and construction

Getting closer to a circular economy for plastics

Agrivoltaics — key to reaching net zero?

Saputo Dairy Australia to close King Island Dairy

Getting out the stink from smoke-tainted wine

Dairy shortage hikes prices, according to report

New manufacturing network aims to help Aussie businesses

NZ Food Safety on target to reduce foodborne illness

The significance of data management in mining

Queensland leads on rooftop solar: report

$2.46m LED streetlight rollout for City of Port Adelaide Enfield

Setting a New Standard in Industrial Enclosures: Introducing Rittal AE Compact Enclosures

The role of digital twins in shaping sustainable grids

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd