Updated on 2022-11-11: Fixes Available for High-Severity Flaw in ABB Flow Computers and Controllers
Researchers from Claroty have detected a path-traversal vulnerability that affects flow computers and remote controllers used in the oil and gas industries. The issue affects ABB TotalFlow flow computers and controllers. ABB released firmware patches to address the issue in July.
- I like the first bullet item in the Claroty executive summary on their findings: “Flow computers calculate oil and gas volume and flow rates; these measurements are critical not only to process safety, but are also used as inputs in other areas, *including billing*.” Note that many news reports picked up on the “including billing” and the connection to the Colonial Gas pipeline ransomware attack that caused gas shortages because billing apps went down. If you are using ABB controllers, use that same focus on the business/billing disruption to get patching prioritized.
- These are driven by an ARM v8 processor running Linux. The flaw can be leveraged to get root on those devices, read/write files – these computers calculate volume and flow rates used by alarms, safety and billing systems. An attack could impact a company’s ability to bill and/or disrupt the flow altogether. If you have some of these, apply the update as well as make sure that they are properly isolated/segmented. Read the report from Claroty if you’ve wondered what these can do.
Read more in
- An Oil and Gas Weak Spot: Flow Computers
- High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies
- ABB Oil and Gas Flow Computer Hack Can Prevent Utilities From Billing Customers
- Cyber security alerts and notifications
Claroty disclosed that oil & gas flow computers and remote controllers manufactured by Swiss firm ABB suffer from a severe flaw that can allow attackers to execute arbitrary code. Read more: An Oil and Gas Weak Spot: Flow Computers