Siemens Energy AGT and SGT Solutions
Act Now | CVSS 9.8 | ICS-CERT ICSA-21-222-06 | Aug 10, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A DNS vulnerability affects Siemens Energy industrial gas turbines (SGT-100, SGT-200, SGT-300, SGT-400) and aeroderivative gas turbines (SGT-A20, SGT-A35, SGT-A65) equipped with Allen Bradley or FT125 control systems. The vulnerability is related to the "NAME:WRECK" DNS issues in the control system components and affects the DNS name resolution functionality used by the turbine control systems.
What this means
What could happen
An attacker who can reach the gas turbine control network could exploit this DNS vulnerability to intercept or manipulate control communications, potentially causing turbine malfunction, shutdown, or incorrect operation of safety-critical process parameters.
Who's at risk
Power generation facilities and industrial manufacturers operating Siemens Energy gas turbines (SGT product line) with Allen Bradley or FT125 control systems. This includes both large industrial turbines (SGT-100 through SGT-400) and aeroderivative turbines (SGT-A series) used in combined-cycle power plants, cogeneration facilities, and manufacturing plants requiring high-reliability power or mechanical drive applications.
How it could be exploited
An attacker with network access to the turbine control system (SGT devices with Allen Bradley or FT125 control systems) could target the DNS resolution mechanism to intercept or spoof DNS responses. This could allow redirection of control system communications or injection of malicious commands into the turbine control logic.
Prerequisites
- Network access to the SGT turbine control system or its DNS services
- The SGT device must be using Allen Bradley (ControlLogix/CompactLogix) or FT125 control components
- DNS communication path between the turbine controller and DNS services
- Remotely exploitable
- Critical CVSS score (9.8)
- Affects turbine control systems (safety-critical)
- No patch available for SGT devices
- Requires assessment of Rockwell Automation patch compatibility
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (7)
7 EOL
| Product | Affected Versions | Fix Status |
|---|---|---|
| SGT-100 | All versions | No fix (EOL) |
| SGT-200 | All versions | No fix (EOL) |
| SGT-300 | All versions | No fix (EOL) |
| SGT-400 | All versions | No fix (EOL) |
| SGT-A20 | All versions | No fix (EOL) |
| SGT-A35 | All versions | No fix (EOL) |
| SGT-A65 | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Contact Siemens Energy for a compatibility assessment of the Rockwell Automation Security Advisory PN1564 updates before applying patches to SGT control systems
- HARDENING: Isolate SGT turbine control networks from the business network and the Internet using firewalls and network segmentation
- HARDENING: Implement network access controls to restrict communication to the turbine control systems, allowing only authorized engineering and monitoring hosts
- HARDENING: If remote access to turbines is required, use a VPN with current security patches and require multi-factor authentication
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Apply the Rockwell Automation patches referenced in Security Advisory PN1564 for affected Allen Bradley/FT125 components after compatibility testing
CVEs (1)