The Water Information Sharing and Analysis Center (WaterISAC) has released a warning about the potential for a mandatory Microsoft DCOM patch to disrupt SCADA. According to WaterISAC, ICS/OT/SCADA engineers and operators should assess the use of the Distributed Component Object Model (DCOM) protocol in their industrial environments.
Failing to address the issue could lead to a loss of critical communications between impacted ICS/OT/SCADA devices.
The Distributed Component Object Model (DCOM) is a protocol that enables communication between software components on different computers on a network.
It is embedded in many Industrial Control Systems from companies such as Rockwell Automation, GE, Honeywell, and Siemens. DCOM is often used in ICS/OT/SCADA systems, and if not addressed, it could lead to significant disruptions and security risks.
To address the issue, Microsoft revealed the Windows DCOM Server Security Feature Bypass vulnerability (CVE-2021-26414) in June 2021.
In order to provide time for end-users to migrate and minimize issues, Microsoft took a phased roll-out approach.
The final phase of the DCOM hardening will be included in the Windows Update on March 14, 2023. CISA has urged operators to review the WaterISAC advisory and apply recommended compensating controls to ensure the security of their systems.
In conclusion, the potential for a mandatory Microsoft DCOM patch to disrupt SCADA is a significant concern for ICS/OT/SCADA engineers and operators.
It is critical to assess the use of the DCOM protocol in industrial environments and address the issue before the final phase of the DCOM hardening is included in the Windows Update.
Failure to do so could result in the loss of critical communications between impacted ICS/OT/SCADA devices, which could have far-reaching consequences for businesses and organizations.