author photo
By Cam Sivesind
Thu | Nov 10, 2022 | 9:37 AM PST

A new research report has exposed vulnerabilities in the oil and gas industry, specifically to flow computers that regulate and calculate volume and flow rates of substances such as natural gas, crude oils, and other hydrocarbon fluids.

The report was issued by Team82, the research arm of Claroty, an industrial security company. While the threat is pretty specific to "a path-traversal vulnerability in ABB TotalFlow flow computers and controllers," it is an example of ways hackers can disrupt critical infrastructure systems.

Disruptions can affect safety by throwing off input amounts; triggering alarms in error; throwing off logs, reports, and configurations; and affecting utility billing, the report says, citing a recent ransomware attack.

"The most noteworthy and related security incident was the ransomware attack against Colonial Pipeline, which impacted enterprise systems, and forced the company to shut down production because it could not bill customers. Disrupting the operation of flow computers is a subtle attack vector that could similarly impact not only IT, but also OT systems; this led us to research the security of these machines."

In July of this year, ABB, a Swedish-Swiss industrial automation firm whose flow computers and controllers were found vulnerable, issued a security advisory. The advisory lists seven ABB devices and provides fixed flash part numbers for customers.

"Mitigation can be accomplished by proper network segmentation," the company advised. "ABB recommends that customers apply the flash update at the earliest convenience."

It further added: "To mitigate this vulnerability, the ABB device should only be connected to a network segment that restricts access to authorized users. The vulnerability is only exposed when the attacker has access to the network where the ABB device is running Totalflow TCP protocol."

See the Claroty Team 82 report for diagrams of how a flow computer measures gas flow. 

Attackers take over control of the flow computers to remotely disrupt the system's ability to accurately measure oil and gas flow. The result can be disruption of services and unsafe flow conditions.