ENCS recommends to avoid remotely managing field devices, such as RTUs, gateways, and data concentrators, through a web interface. Engineers commonly use a web interface to configure and maintain devices, as they provide easy access. But by using it they may inadvertently help to spread attacks.
Attackers can hop from one field device to many others through the engineer’s web browser. The attack would consist of two steps, explained in this whitepaper:
Physically attack one field device to insert code into the web interface
Trick the browser into making unwanted changes on other devices
This type of attack is hard to counter, as attackers have many options for each step. It can have large impact, as it scales a physical attack on one device to many other devices. Hence, ENCS recommends managing field devices through other means than web interfaces.