Vulnerable Historians that aren’t Chris

Posted on Wednesday, Jan 25, 2023 by Ned Bellavance

Featured in this episode of Chaos Lever

I ran out of space in the main story, so I shoved this in here. If you’ll remember from my long-winded exploration into OT systems, one type of system is the Historian. And it’s not a bespectacled bookworm sitting on a Chesterfield with a nice cuppa Earl Grey (as nice as that might be). Nay, it is essentially a data lake of time-series information from the OT systems that report to it.

The time-series data can be of great use to folks on the business side, so the Historian often has to straddle both the IT network and the OT network, providing access to the data scientists while also collecting data from the OT systems.

The US Cybersecurity and Infrastructure Agency has issued a warning about five vulnerabilities in the GE Proficy Historian, joining previous vulnerabilities found in the Schneider Electric Vijeo Historian and the Siemens SIMATIC Process Historian. Because of the unique placement of Historians, a client-facing vulnerability could be exploited to gain access to Industrial Control Systems, Building Automation Systems, or any other OT system.

This is compounded by the fact that most OT systems rely on network segmentation or air-gapping for their security and are rarely patched. The Historian, on the other hand, is not part of the process loop and should be part of the regular IT patch cycle. You may want to check with your OT team whether there are any historians on the network.