Latest Intel CPU vulnerability - should we fear the Spoiler?
How dangerous is this vulnerability to SCADA and MES servers?
Freshly discovered Intel Spoiler vulnerability is yet another issue found in Intel microprocessors. In our blog about D2000 and IoT, we have already mentioned the Spectre and Meltdown vulnerabilities. All these vulnerabilities are related to speculative instruction execution.
The Spoiler vulnerability targets an area of the processor called the Memory Order Buffer, which is used to manage memory operations and is tightly coupled with the cache. The attacker can obtain passwords, keys and other data from parts of memory which were supposed to be outside of the user-area memory space.
So, how significant are these vulnerabilities in industrial control systems and how do they affect D2000?
First, good news for users of D2000 for Raspberry PI: as ARM processors used in various generations of Raspberry PI do not use speculative instruction execution to increase performance, they are immune to such vulnerabilities.
Systems running Linux or Windows versions of D2000 are, however, in a more difficult position. If they use AMD processors, they are subjects to Spectre and Meltdown, but not to the Spoiler vulnerability. If they use Intel processors, all three vulnerabilities apply.
However - for these vulnerabilities to be exploited, the computer system must be accessed first. Possible scenarios include running malicious software or even visiting a web page and thus running a malicious JavaScript inside a browser.
Ordinarily, a SCADA/MES server is running in a safe environment. Usually (at least according to our experience) without access to the World Wide Web - or the access is limited to a few trusted sites by a web proxy server. The only users, who may access the server, are system and application administrators. Therefore, the risk of them downloading and running malware seems to be rather low - and it may be reduced even more by educating them properly! (That's what you do, don't you?)
Off course, the above-mentioned attack scenarios are not the only ones that one can imagine. An unpatched vulnerability in OS can serve as an entry point for malware, which can then utilize existing CPU vulnerabilities to steal sensitive data.
However, we presume that your servers live on a protected network, separated from less-secure segments by a firewall and that they are subjects to regular patching.
They are, aren't they?
Regular patching mitigates the risk of exploiting a known vulnerability (although there is always a chance of malware using unknown zero-day vulnerability), and network separation by a firewall prevents malware from sending the sensitive data away. Well, that is true, if the firewall is configured using a "default deny" policy also for the internal and trusted network - it should permit only a set of predefined data flows and deny anything else by default.
While I try not to underestimate the risk of these CPU vulnerabilities, they seem to be far more dangerous to ordinary users' computers that to well-secured SCADA and MES servers.
As for the servers - I would be more afraid of vulnerabilities of various management technologies of the x64 processor (such as INTEL-SA-00075 or INTEL-SA-00086). But that's a topic for a different blog.