Three unresolved cybersecurity breaches worry world’s refineries and petrochemical plants


Alexandre Boero

September 28, 2023 at 9:16 a.m.


Nozomi Networks Labs has revealed significant vulnerabilities affecting certain protection systems used at critical industrial sites and by operators of vital importance. The concern is all the greater because there is no way to remedy them.

Many infrastructures, such as hospitals and institutional and government sites, are under constant threat of cyberattack. But the security of companies in the industrial sector and of operators of vital importance remains at the heart of concerns.

Nozomi Networks Labs has uncovered worrying unresolved vulnerabilities in the Bently Nevada 3500 machine protection systems, which are critical to energy and industrial companies.

One of the flaws allows hackers to gain full access to machines

Late last year, Nozomi Networks Labs launched an in-depth study of Bently Nevada 3500 machine protection systems, which are widely used in sensitive industrial environments. They make it possible to monitor rotating machines in real time in facilities such as refineries, hydroelectric power stations, petrochemical plants and wind farms. The devices monitor temperature, vibration and speed indicators to prevent mechanical failures in industrial machines.

The findings of the company, a specialist in visibility for OT (operational technology), IT (information technology) and IoT (connected objects), are unfortunately alarming: it discovered three vulnerabilities. One of them was directly classified as “high risk”, in that it could compromise the integrity and confidentiality of industrial operations.

This major flaw, referenced CVE-2023-34437, can allow an attacker to bypass the authentication process and obtain full access to the device by crafting and sending a simple malicious request.


There is no fix

This high-risk flaw exposes sensitive information to an unauthorized actor, who could freely endanger certain delicate operations on sites that are just as sensitive. For security reasons, the technical details have not been revealed, because no patch is currently available, the systems being too old.

Bently Nevada, a subsidiary of the oil services giant Baker Hughes, reacted quickly by providing recommendations to its customers so that they can immediately strengthen their security. For example, it advises keeping devices in “RUN” mode rather than “CONFIG” mode during maintenance, segmenting the network to prevent unauthorized access, and using unique and strong passwords.

Enabling security functions that are not activated by default is also strongly encouraged. A proactive approach will help minimize the impact of potential vulnerabilities. But Nozomi Networks highlights the importance of once again making industrial organizations aware of potential vulnerabilities.


