www.cisa.gov
Open in
urlscan Pro
2600:1417:3f:781::447a
Public Scan
Submitted URL: https://cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
Effective URL: https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01
Submission: On August 14 via api from SG — Scanned from SG
Effective URL: https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01
Submission: On August 14 via api from SG — Scanned from SG
Form analysis 2 forms found in the DOM
<form class="gsc-search-box gsc-search-box-tools" accept-charset="utf-8">
<table cellspacing="0" cellpadding="0" role="presentation" class="gsc-search-box">
<tbody>
<tr>
<td class="gsc-input">
<div class="gsc-input-box" id="gsc-iw-id1">
<table cellspacing="0" cellpadding="0" role="presentation" id="gs_id50" class="gstl_50 gsc-input" style="width: 100%; padding: 0px;">
<tbody>
<tr>
<td id="gs_tti50" class="gsib_a"><input autocomplete="off" type="text" size="10" class="gsc-input" name="search" title="search" aria-label="search" id="gsc-i-id1" dir="ltr" spellcheck="false"
style="width: 100%; padding: 0px; border: none; margin: 0px; height: auto; outline: none;"></td>
<td class="gsib_b">
<div class="gsst_b" id="gs_st50" dir="ltr"><a class="gsst_a" href="javascript:void(0)" title="Clear search box" role="button" style="display: none;"><span class="gscb_a" id="gs_cb50" aria-hidden="true">×</span></a></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td class="gsc-search-button"><button class="gsc-search-button gsc-search-button-v2"><svg width="13" height="13" viewBox="0 0 13 13">
<title>search</title>
<path
d="m4.8495 7.8226c0.82666 0 1.5262-0.29146 2.0985-0.87438 0.57232-0.58292 0.86378-1.2877 0.87438-2.1144 0.010599-0.82666-0.28086-1.5262-0.87438-2.0985-0.59352-0.57232-1.293-0.86378-2.0985-0.87438-0.8055-0.010599-1.5103 0.28086-2.1144 0.87438-0.60414 0.59352-0.8956 1.293-0.87438 2.0985 0.021197 0.8055 0.31266 1.5103 0.87438 2.1144 0.56172 0.60414 1.2665 0.8956 2.1144 0.87438zm4.4695 0.2115 3.681 3.6819-1.259 1.284-3.6817-3.7 0.0019784-0.69479-0.090043-0.098846c-0.87973 0.76087-1.92 1.1413-3.1207 1.1413-1.3553 0-2.5025-0.46363-3.4417-1.3909s-1.4088-2.0686-1.4088-3.4239c0-1.3553 0.4696-2.4966 1.4088-3.4239 0.9392-0.92727 2.0864-1.3969 3.4417-1.4088 1.3553-0.011889 2.4906 0.45771 3.406 1.4088 0.9154 0.95107 1.379 2.0924 1.3909 3.4239 0 1.2126-0.38043 2.2588-1.1413 3.1385l0.098834 0.090049z">
</path>
</svg></button></td>
<td class="gsc-clear-button">
<div class="gsc-clear-button" title="clear results"> </div>
</td>
</tr>
</tbody>
</table>
</form><form class="gsc-search-box gsc-search-box-tools" accept-charset="utf-8">
<table cellspacing="0" cellpadding="0" role="presentation" class="gsc-search-box">
<tbody>
<tr>
<td class="gsc-input">
<div class="gsc-input-box" id="gsc-iw-id2">
<table cellspacing="0" cellpadding="0" role="presentation" id="gs_id51" class="gstl_51 gsc-input" style="width: 100%; padding: 0px;">
<tbody>
<tr>
<td id="gs_tti51" class="gsib_a"><input autocomplete="off" type="text" size="10" class="gsc-input" name="search" title="search" aria-label="search" id="gsc-i-id2" dir="ltr" spellcheck="false"
style="width: 100%; padding: 0px; border: none; margin: 0px; height: auto; outline: none;"></td>
<td class="gsib_b">
<div class="gsst_b" id="gs_st51" dir="ltr"><a class="gsst_a" href="javascript:void(0)" title="Clear search box" role="button" style="display: none;"><span class="gscb_a" id="gs_cb51" aria-hidden="true">×</span></a></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td class="gsc-search-button"><button class="gsc-search-button gsc-search-button-v2"><svg width="13" height="13" viewBox="0 0 13 13">
<title>search</title>
<path
d="m4.8495 7.8226c0.82666 0 1.5262-0.29146 2.0985-0.87438 0.57232-0.58292 0.86378-1.2877 0.87438-2.1144 0.010599-0.82666-0.28086-1.5262-0.87438-2.0985-0.59352-0.57232-1.293-0.86378-2.0985-0.87438-0.8055-0.010599-1.5103 0.28086-2.1144 0.87438-0.60414 0.59352-0.8956 1.293-0.87438 2.0985 0.021197 0.8055 0.31266 1.5103 0.87438 2.1144 0.56172 0.60414 1.2665 0.8956 2.1144 0.87438zm4.4695 0.2115 3.681 3.6819-1.259 1.284-3.6817-3.7 0.0019784-0.69479-0.090043-0.098846c-0.87973 0.76087-1.92 1.1413-3.1207 1.1413-1.3553 0-2.5025-0.46363-3.4417-1.3909s-1.4088-2.0686-1.4088-3.4239c0-1.3553 0.4696-2.4966 1.4088-3.4239 0.9392-0.92727 2.0864-1.3969 3.4417-1.4088 1.3553-0.011889 2.4906 0.45771 3.406 1.4088 0.9154 0.95107 1.379 2.0924 1.3909 3.4239 0 1.2126-0.38043 2.2588-1.1413 3.1385l0.098834 0.090049z">
</path>
</svg></button></td>
<td class="gsc-clear-button">
<div class="gsc-clear-button" title="clear results"> </div>
</td>
</tr>
</tbody>
</table>
</form>Text Content
Skip to main content
An official website of the United States government
Here’s how you know
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United
States.
Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the
.gov website. Share sensitive information only on official, secure websites.
Free Cyber Services#protect2024Secure Our WorldShields UpReport A Cyber Issue
Search
×
search
Menu
Close
×
search
* Topics
Topics
Cybersecurity Best Practices
Cyber Threats and Advisories
Critical Infrastructure Security and Resilience
Election Security
Emergency Communications
Industrial Control Systems
Information and Communications Technology Supply Chain Security
Partnerships and Collaboration
Physical Security
Risk Management
How can we help?
GovernmentEducational InstitutionsIndustryState, Local, Tribal, and
TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help
LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
* Spotlight
* Resources & Tools
Resources & Tools
All Resources & Tools
Services
Programs
Resources
Training
Groups
* News & Events
News & Events
News
Events
Cybersecurity Alerts & Advisories
Directives
Request a CISA Speaker
Congressional Testimony
CISA Conferences
CISA Live!
* Careers
Careers
Benefits & Perks
HireVue Applicant Reasonable Accommodations Process
Hiring
Resume & Application Tips
Students & Recent Graduates
Veteran and Military Spouses
Work @ CISA
* About
About
Culture
Divisions & Offices
Regions
Leadership
Doing Business with CISA
Site Links
Reporting Employee and Contractor Misconduct
CISA GitHub
CISA Central
2023 Year In Review
Contact Us
Free Cyber Services#protect2024Secure Our WorldShields UpReport A Cyber Issue
Breadcrumb
1. Home
2. News & Events
3. Cybersecurity Advisories
4. ICS Alert
Share:
ICS Alert
CONTROL SYSTEM INTERNET ACCESSIBILITY
Last Revised
January 21, 2014
Alert Code
ICS-ALERT-10-301-01
DESCRIPTION
This 2010 alert summarizes several reports from multiple independent security
researchers who have discovered Internet facing SCADA systems using potentially
insecure mechanisms for authentication and authorization.
table.gridtable {
font-family: verdana,arial,sans-serif;
font-size:11px;
color:#333333;
border-width: 1px;
border-color: #666666;
border-collapse: collapse;
}
table.gridtable th {
border-width: 1px;
padding: 8px;
border-style: solid;
border-color: #666666;
background-color: #dedede;
}
table.gridtable td {
border-width: 1px;
padding: 8px;
border-style: solid;
border-color: #666666;
background-color: #ffffff;
}
SUMMARY
The ICS-CERT has recently received several reports from multiple independent
security researchers who have employed the SHODAN search engineSHODAN is a
search engine for Internet facing devices. Its database contains devices
identified by scanning the Internet for the ports typically associated with
HTTP, FTP, SSH, and Telnet. Searches can be filtered by port, hostname, and/or
country. Search results include information like HTTP server responses to GET
requests; FTP and Telnet service banners and client/server messages exchanged
during login attempts, and SSH banners (including server versions). Search
engine can be found at: http://www.shodanhq.com. to discover Internet facing
SCADA systems using potentially insecure mechanisms for authentication and
authorization. The identified systems span several critical infrastructure
sectors and vary in their deployment footprints. ICS-CERT is working with asset
owners/operators, Information Sharing and Analysis Centers (ISACS), vendors, and
integrators to notify users of those systems about their specific issues;
however, due to an increase in reporting of these types of incidents, ICS-CERT
is producing a more general alert regarding these issues.
In most cases, the affected control system interfaces were designed to provide
remote access for monitoring system status and/or certain asset management
features (i.e., configuration adjustments). The identified systems range from
stand-alone workstation applications to larger wide area network (WAN)
configurations connecting remote facilities to central monitoring systems.
These systems have been found to be readily accessible from the Internet and
with tools, such as SHODAN, the resources required to identify them has been
greatly reduced.
In addition to the increased risk of account brute forcing from having these
systems available on the Internet, some of the identify systems continue to use
default user names and passwords and/or common vendor accounts for remote access
into these systems. These default/common accounts can in many cases be easily
found in online documentation and/or online default password repositories.
Control System owners and operators are advised to audit their control
systems—whether or not directly connected to the Internet—for the use of default
administrator level user names and passwords.
ADDITIONAL MATERIAL
The ICS-CERT has previously published Control Systems Analysis Report
“CSAR-10-025-01 Analysis of Shodan – Computer Search Engine,” that discusses the
importance of minimizing network exposure by ensuring that control system
devices are not visible on the Internet. That CSAR is currently available only
through the US‑CERT secure portal (Control Systems
Center/Library/ICS-CERT/ICS-CERT Advisories and Reports/…).
ICS-CERT has previously published Control Systems Analysis Report
“CSAR-10-114-01 - SSH Scanning” that discusses the brute forcing of control
system secure shell (SSH) accounts. Many of the tactics, techniques, and
procedures that can be used to brute force SSH account usernames and passwords,
also applies to web-based human-machine interface (HMI) systems.
The ICS‑CERT has also published an Advisory “ICSA-10-228-01 - Vendor Admin
Accounts Warning,” that discusses the importance of owner/operator awareness and
control of administrator level accounts installed on control systems by
third-party vendors.
RECOMMENDATIONS
ICS-CERT recommends:
* Placing all control systems assets behind firewalls, separated from the
business network
* Deploying secure remote access methods such as Virtual Private Networks
(VPNs) for remote access
* Removing, disabling, or renaming any default system accounts (where possible)
* Implementing account lockout policies to reduce the risk from brute forcing
attempts
* Implementing policies requiring the use of strong
passwords.http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf.
* Monitoring the creation of administrator level accounts by third-party
vendors (ICSA-10-228-01).
This product is provided subject to this Notification and this Privacy &
Use policy.
VENDOR
* Other
PLEASE SHARE YOUR THOUGHTS
We recently updated our anonymous product survey; we’d welcome your feedback.
RELATED ADVISORIES
Mar 04, 2021
ICS Alert | ICS-ALERT-21-063-01
MICROSOFT EXCHANGE
Aug 04, 2020
ICS Alert | ICS-ALERT-20-217-01
ROBOT MOTION SERVERS
Mar 03, 2020
ICS Alert | ICS-ALERT-20-063-01
SWEYNTOOTH VULNERABILITIES
Sep 10, 2019
ICS Alert | ICS-ALERT-19-225-01
MITSUBISHI ELECTRIC EUROPE B.V. SMARTRTU AND INEA ME-RTU (UPDATE A)
Return to top
* Topics
* Spotlight
* Resources & Tools
* News & Events
* Careers
* About
Cybersecurity & Infrastructure Security Agency
* Facebook
* Twitter
* LinkedIn
* YouTube
* Instagram
* RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
* About CISA
* Budget and Performance
* DHS.gov
* Equal Opportunity & Accessibility
* FOIA Requests
* No FEAR Act
* Office of Inspector General
* Privacy Policy
* Subscribe
* The White House
* USA.gov
* Website Feedback