[Imported] Spectre Vulnerability and Scadapack Chipsets?


[Imported] Spectre Vulnerability and Scadapack Chipsets?

>>Message imported from previous forum - Category:SCADAPack RTU<<
User: mchartrand, originally posted: 2018-10-18 19:27:39 Id:130
This is a re-posting from the obsoleted (October 2018) "Schneider Electric Telemetry & SCADA" forum.


The world is freaking out about this right now. Are the chipsets used in scadapacks a potential point of vulnerability? From what I can tell almost all microprocessors have an issue on a hardware level that will require patches. I have equipment on military bases and they all want to know. Any thoughts?_**


Spectre allows for nefarious code running against a vulnerable microprocessor to determine the randomisation applied to 'mask' Kernel memory addresses.

Meltdown allows for nefarious code running against a vulnerable microprocessor to determine the value stored at what should be otherwise privileged memory addresses (which is where Spectre helps... since the memory will be randomised which Spectre will let you derandomise). i.e. allows for unprivileged code (like a piece of Javascript) to read privileged data values (like the nuclear launch codes you have in a text file on your Windows desktop).

Only devices that access insecure executable code (like MS Office documents with macros, or Web Browsers etc) are really included in the attack surface area for such an exploit. It's also only Intel x86-64, and ARM A75 processors that are vulnerable to the Meltdown, patches are in the works for major OSes. SCADAPack RTUs use either x86 (not 64) or lower end ARM processors, so aren't impacted by Meltdown.

This doesn't mean that it can't *affect* RTUs and Radios... after all, they will be secured from 'tampering' by passwords etc, which are likely stored on a PC / Server which *can* run arbitrary code.

Spectre/Meltdown don't deserve much different treatment than all other cyber security vulnerabilities. You should be using application whitelists, you should be performing OS and application patching regularly, you should be separating your various levels of 'secure information' as far apart physically as possible (certainly not running them on the same piece of hardware it seems)...


Forgive me for my ignorance on the subject. Really I just didn't know what chipsets the scadapacks used but it is good to know that they are not affected.
Here is a link to the affected chipsets if anyone reads this thread and needs to know:
I was also comforted by the Security notification sent out by Schneider ClearSCADA product team._**


Note that Schneider's comment on these vulnerabilities (and others now and into the future) are at https://www.schneider-electric.com/en/work/support/cybersecurity/security-notifications.jsp, whilst there perhaps isn't anything technically specific there for now I expect there would be updates as necessary.