Icefall Vulnerabilities – Challenge to OT

Several vulnerabilities have been discovered in operational technology products that open the door to various types of hacking, dubbed as Icefall the vulnerabilities are caused by insecure-by-design practices in OT.

The affected products are prevalent in industries such as oil and gas, chemical, nuclear, power generation, and distribution, manufacturing, water treatment and distribution, mining, and building automation.

The 56 Icefall vulnerabilities fall under four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates, and remote code execution via native functions.

• 38% allow for compromise of credentials,
• 21% allow for firmware manipulation and
• 14% allow remote code execution.

Using the vulnerabilities, hackers with network access to a targeted device could remotely execute code, change the logic, files, or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service, or have various operational impacts.

Affected vendors include Honeywell International Inc., Motorola Solutions Inc., Omron Corp., Siemens AG, Emerson Electric Co., JTEKT Corp. TYO, Bentley Nevada, Phoenix Contract s.r.o, ProConOS and Yokogawa Electric Corp. The affected vendors were informed of the vulnerabilities before the details were published.

Typically, security issues with software and technology are allocated Common Vulnerabilities and Exposures numbers, but this is not typically the case with OT. Issues considered the result of insecurity by design have not always been assigned CVEs, so they often remain less visible and less actionable.

The report also details various scenarios that could be used against OT software with the vulnerabilities, including causing shutdowns and potentially real-world damage to infrastructure.

This research was conducted and documented by researchers from Forescout