SAP SCM Security

What is SAP SCM?

SAP SCM is one of the most widely used systems. It is a part of SAP Business Suite that is designed for business systems, which store and process critical corporate data. It is used for supply chain management optimization, measuring optimal use of resources to improve product profitability. Retail industries usually build their business processes around the SCM system. Unauthorized access to it can compromise the control of logistics. This system is accessible through the Internet to provide vendors with convenient remote access, which makes it a perfect target for attacks.

SAP SCM Security Risks

There are multiple risks related to SAP SCM Security. Some of them are listed below.

Unauthorized modification of data (Sabotage)

It is possible to decrease tender efficiency by gaining unauthorized access to SAP SCM. The problem is that it is quite common for a company to process all key business processes on the basis of logistics. For example, logistics is the key factor of business optimization and cost reduction for the retail industry. With control over SAP SCM, attackers can change the information about supplies and thereby cause financial losses. It is easy to imagine a situation where some goods were sent to a fully occupied warehouse or just could not reach one because the corresponding information was changed by an attacker.

Theft of goods (Fraud)

An attacker can cause an income shortage or even transfer money to another organization through unauthorized access to SAP SCM, especially if the company’s employees are in collusion with a third-party organization. The difference between the real cost of services and the forged one may be used as a means of embezzling funds. In addition, an attacker can create a false vendor to transfer money to them. A well-known example of such an operation is when an order for bomb detectors for Iraq was made with the help of a surreptitious vendor. Back then, the total cost exceeded $55 million.

Theft of funds. Corruption (Fraud)

With access to SAP SCM, an attacker can transfer funds to an unknown bank account via a front company.

SAP SCM Vulnerabilities

SAP SCM uses SAP NetWeaver Application Server ABAP (AS ABAP) as its main platform. It is therefore subject to all the vulnerabilities of the platform, which total at least 1050. Additionally, there are about 80 vulnerabilities that are specific to different modules of SAP SCM.

The most critical vulnerability of this platform was found back in 2007, and it is still relevant for many systems. It is a Gateway service vulnerability, which can potentially compromise access to the SAP server, allowing an attacker to run any OS command.

How can we help with SAP SCM Security?

ERPScan Smart Cybersecurity Platform for SAP has specific checks to analyze your SAP SCM system for security issues. This award-winning software is the only SAP SE certified solution on the market able to identify, analyze, and remediate all SAP security issues, and to provide powerful protection against cyber attacks and fraud. It embraces all three areas of SAP security: vulnerability management, source code review for custom programs, and segregation of duties (SoD).