Abstract

The merger of SCADA (supervisory control and data acquisition) and IoT (internet of things) technologies allows end-users to monitor and control industrial components remotely. However, this transformation opens up a new set of attack vectors and unpredicted vulnerabilities in SCADA/IoT field devices. Proper identification, assessment, and verification of each SCADA/IoT component through advanced scanning and penetration testing tools in the early stage is a crucial step in risk assessment. The Omega2, a small Linux server from Onion™, is used to develop various SCADA/IoT systems and is a key component of nano power grid systems. In this paper, we report product-level vulnerabilities of Onion Omega2 that we have uncovered using advanced vulnerability scanning tools. Through this research, we would like to assist vendors, asset owners, network administrators, and security professionals by creating an awareness of the vulnerabilities of Onion Omega2 and by suggesting effective mitigations and security best practices.

Highlights

  • There has been a surge in the deployment of internet of things (IoT) with supervisory control and data acquisition (SCADA) systems to control industrial infrastructures across open access networks. While this has provided better control and manageability, it has exposed such systems to cyber threats [1]

  • One example of a bad programming practice is the vulnerability introduced in a programmable logic controller (PLC) product owing to a hardcoded username and password running in the WinCC database, PCS SCADA software [4]

  • This paper primarily focuses on the vulnerabilities of SCADA embedded systems at the device level, by examining and testing Onion Omega2 firmware

Summary

Introduction

There has been a surge in the deployment of internet of things (IoT) with supervisory control and data acquisition (SCADA) systems to control industrial infrastructures across open access networks. The Internet Engineering Task Force (IETF) has released RFC 8576, which identifies embedded device vulnerabilities such as object cloning, vulnerable software, malicious substitution, denial of service, and firmware attacks as the main threats for IoT/SCADA-based systems [2]. These devices are vulnerable to cyber attacks owing to weak structural design and bad coding practices during the development life cycle, which may expose the entire control system to the outside world [3]. In a traditional IT environment, clients (system‐owners technicians) control the field equipment through Onion Omega from their mobile devices.

Omega2
Background
Onion Omega2 IoT Device
Block diagram of the Solar‐PV
Vulnerability
Vendor
Web Server Assessment
DNS Server Assessment
Disclosure
IP Forwarding Service
SSL Medium Strength Suites
MQTT Broker Protocol
Conclusions