Full Report
Several companies, including Cisco, Rockwell Automation, Sierra Wireless, ABB and Siemens, have reported vulnerabilities in their industrial devices. The vendors are preparing updates to close these vulnerabilities and will release the patches as they are ready.
Analysis Summary
# Vulnerability: KRACK (Key Reinstallation Attacks) in Industrial Solutions
## CVE Details
- **CVE ID:** CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
- **CVSS Score:** 6.8 (Medium) - Note: Scores vary by specific CVE and vendor implementation.
- **CWE:** CWE-323 (Reusing a Nonce, KeyPair ID, or IV)
## Affected Systems
- **Products:** Industrial wireless access points, controllers, routers, and IoT gateways from the following vendors:
  - **Cisco:** IP Phones, Aironet Access Points, Wireless LAN Controllers.
  - **Rockwell Automation:** Stratix wireless access points and client modules.
  - **Sierra Wireless:** AirLink gateways and routers.
  - **ABB:** Wireless products utilizing WPA2.
  - **Siemens:** SCALANCE W family products.
- **Versions:** Multiple versions using WPA2 protocol for wireless encryption.
- **Configurations:** Systems configured to use WPA2 or WPA (TKIP/AES) for client or repeater functionality.
## Vulnerability Description
The vulnerability lies in the WPA2 protocol's 4-way handshake, PeerKey handshake, Group Key handshake, and Fast BSS Transition (FT) handshake. An attacker can force a victim to reuse cryptographic keys by manipulating and replaying cryptographic handshake messages. This breaks the encryption by resetting the "packet number" (nonce) and receive replay counter to their initial values.
## Exploitation
- **Status:** PoC available (Mathy Vanhoef's original research); no confirmed widespread exploitation in the wild at the time of initial industrial vendor reporting.
- **Complexity:** Medium
- **Attack Vector:** Adjacent (Attacker must be within physical range of the wireless network).
## Impact
- **Confidentiality:** High (Attacker can decrypt Wi-Fi traffic).
- **Integrity:** Medium (Depending on the implementation, attackers may be able to inject or forge packets).
- **Availability:** Low (Potential for connection disruption).
## Remediation
### Patches
- **Cisco:** Software updates for IOS, IOS-XE, and AireOS. Check Cisco Security Advisory for specific version fixes.
- **Siemens:** Updates provided for SCALANCE W700 family.
- **Rockwell Automation:** Firmware updates for Stratix series (refer to Knowledgebase Article 1064003).
- **Sierra Wireless:** ALEOS and AirVantage updates released for various AirLink models.
### Workarounds
- Use wired connections (Ethernet) for critical industrial control traffic where possible.
- Implement end-to-end encryption (VPN, TLS/SSL) over the wireless network to protect data even if the WPA2 layer is compromised.
- Disable "802.11r" (Fast BSS Transition) if the environment allows, as it reduces the attack surface.
## Detection
- **Indicators of compromise:** Presence of unauthorized rogue access points performing Man-in-the-Middle (MitM) setups.
- **Detection methods and tools:** Specialized wireless Intrusion Detection Systems (WIDS) can detect abnormal re-transmissions of EAPOL M3 messages, which are characteristic of this attack.
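The two observable signals described above (repeated EAPOL message 3 frames to one client, followed by the client's packet number resetting) can be turned into a simple log-based check. The following is an added example, not code from the advisory or from any of the vendors named; the log format, field names and threshold are constructed assumptions for illustration.

```python
"""KRACK-style key reinstallation detection over constructed WIDS log lines.
Example code, not from the advisory or any vendor. Checks, per client:
(1) EAPOL message 3 re-transmitted more often than a normal handshake needs,
(2) the CCMP packet number (PN) going backwards after those re-transmissions,
i.e. the nonce being reused once the key has been reinstalled."""
from collections import defaultdict

# Constructed sample log, not real captures. "m3" lines are captured EAPOL
# 4-way handshake message 3 frames, "data" lines are client data frames.
SAMPLE_LOG = """\
seq=1 sta=00:11:22:33:44:55 type=m3 rc=1
seq=2 sta=00:11:22:33:44:55 type=data pn=1
seq=3 sta=00:11:22:33:44:55 type=data pn=2
seq=4 sta=00:11:22:33:44:55 type=m3 rc=2
seq=5 sta=00:11:22:33:44:55 type=m3 rc=3
seq=6 sta=00:11:22:33:44:55 type=data pn=1
seq=7 sta=aa:bb:cc:dd:ee:ff type=m3 rc=1
seq=8 sta=aa:bb:cc:dd:ee:ff type=data pn=1
seq=9 sta=aa:bb:cc:dd:ee:ff type=data pn=2
"""

M3_THRESHOLD = 2  # an AP may legitimately resend M3 once; more is suspicious

def parse_log(text):
    """Yield one dict of key=value fields per non-empty log line."""
    for line in text.splitlines():
        if line.strip():
            yield dict(field.split("=", 1) for field in line.split())

def detect_krack(records, m3_threshold=M3_THRESHOLD):
    """Return (client_mac, reason) alerts for the two KRACK indicators."""
    m3_count = defaultdict(int)
    last_pn = {}
    alerts = []
    for rec in records:
        sta = rec["sta"]
        if rec["type"] == "m3":
            m3_count[sta] += 1
            if m3_count[sta] == m3_threshold + 1:  # alert once per client
                alerts.append((sta, "EAPOL M3 seen %d times" % m3_count[sta]))
        elif rec["type"] == "data":
            pn = int(rec["pn"])
            prev = last_pn.get(sta)
            # A PN reset after a fresh handshake is normal; a reset following
            # re-transmitted M3 frames is the key reinstallation signature.
            if prev is not None and pn <= prev and m3_count[sta] > 1:
                alerts.append((sta, "CCMP PN fell from %d to %d: nonce reuse" % (prev, pn)))
            last_pn[sta] = pn
    return alerts
```

Run against `SAMPLE_LOG`, the first client produces both alerts while the second client, with a single M3 and a monotonically increasing PN, produces none.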
## References
- Cisco Advisory: hxxps[://]tools[.]cisco[.]com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
- Siemens Advisory: hxxps[://]www[.]siemens[.]com/cert/pool/cert/siemens_advisory_ssa-929388.pdf
- Rockwell Automation: hxxps[://]rockwellautomation[.]custhelp[.]com/app/answers/detail/a_id/1064003
- Kaspersky ICS-CERT: hxxps[://]ics-cert[.]kaspersky[.]com/publications/blog/2017/11/15/vendors-confirm-that-industrial-solutions-are-vulnerable-to-krack-attacks/