Claroty reveals exploitable vulnerabilities in GE Proficy Historian

Claroty

Friday, 20 January, 2023

Claroty reveals exploitable vulnerabilities in GE Proficy Historian

Claroty’s Team82 cybersecurity research team has announced that it has uncovered five exploitable vulnerabilities in GE Proficy Historian.

Historian servers have a long reach within enterprise networks. These critical databases not only store data collected from industrial control systems, but they also extend to the corporate network by sharing information with ERP systems and analytics platforms. When security researchers — and attackers — talk about crossing over from enterprise systems to operational technology networks, historian servers are often a bridge they navigate.

To better understand this attack surface, Team82 researched GE’s Proficy Historian, which collects, stores and distributes time-series and engineering data. Industrial automation operations generate important data about the health of assets and processes, and historian servers play a considerable role in processing and analysing that information on-premises or in the cloud in order to understand and improve process efficiency.

For a determined attacker, information such as process control, performance and maintenance data has considerable value. Attackers would target historian servers in order to:

  • Gather intelligence about industrial processes.
  • Use their access for financial gain.
  • Manipulate an automation process by changing or deleting data in order to disrupt operations.
  • Damage equipment or endanger operators.
  • Exploit the pivot point to the OT network.
     

The research uncovered five vulnerabilities — including authentication bypasses, file manipulation, and remote code execution bugs — that allowed Team82 to access a test pharmaceutical network in its lab and modify records.

Team82 privately reported the five vulnerabilities in GE Proficy Historian, which have a cumulative CVSS v3 severity score of 9.8. The flaws can enable an attacker to access a GE Proficy Historian server, modify files, disrupt processes and crash machines.

GE said GE Proficy Historian v8.0.1598.0 is affected, and it has mitigated all of the vulnerabilities in the recently released GE Proficy Historian 2023. Users are urged to upgrade in order to be protected.

The ICS-CERT’s security advisory may be found here, and more detail about the vulnerabilities can be found from Claroty here.

Image credit: iStock.com/iambuff

Related News

Rockwell Automation and Microsoft expand cloud and AI partnership

Rockwell and Microsoft have announced an expanded strategic collaboration that includes new cloud...

TNA's industrial XR brings Industry 5.0 to food manufacturers

Food processing and packaging technology company TNA Solutions has launched an immersive,...

Siemens updates TIA Portal

TIA Portal Version 20 focuses on performance and efficiency enhancements for users.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd