What is SAP SCM?
SAP SCM is one of the most widely-used systems. It’s a part of SAP Business Suite,
which is intended for business systems that store and process critical corporate data. It is used for
supply chain management optimization, measuring optimal usage of resources to improve product
profitability. Retail industries usually build their business processes around the SCM system.
Unauthorized access can compromise control over logistics processes. This system can be
accessed through the Internet to give vendors convenient remote access, which makes it a perfect target
SAP BI Security Risks
There are multiple risks related to SAP SCM Security. Some of them are listed
Unauthorized modification of data (Sabotage) / changing data in the chain
It is possible to decrease tender efficiency by gaining unauthorized access to SAP
SCM. The problem is that it is quite common for a company to run all of its key business processes on
the basis of logistics. For example, logistics is the key factor of business optimization and cost
reduction for the retail industry. Having gained control over SAP SCM, attackers can change the information
about supplies to cause financial losses. It is easy to imagine a situation where some goods were sent
to a fully occupied warehouse or could not reach it, because the corresponding information was changed
by an attacker.
Theft of funds. Corruption (Fraud)
An attacker can cause an income shortage or even transfer money to a different
organization using unauthorized access to SAP SCM, especially if the company’s employees are in
collusion with a third-party organization. The difference between the real cost of services and the
deceptively entered one may be used as a means of embezzling funds. In addition, an attacker can
create a false vendor and transfer money to it. A well-known example of such an operation is an order
for bomb detectors for Iraq that was placed with the help of a surreptitious vendor. Back then the total cost
exceeded 55 million dollars.
Theft of goods (Fraud)
Having access to SAP SCM, an attacker can transfer funds to an unknown bank account
via a front company.
SAP SCM Vulnerabilities
SAP SCM uses SAP NetWeaver Application Server ABAP (AS ABAP) as its main platform,
so it is subject to all the vulnerabilities of that platform, which total at least 1050. In addition, there
are about 80 vulnerabilities that are specific to different modules of SAP SCM.
The most critical vulnerability of this platform was found back in 2007 and
sometimes is still relevant in many systems. It is a Gateway-service vulnerability, which can
potentially compromise access to the SAP server, allowing an attacker to run any OS command.
How we can help with SAP SCM Security?
Monitoring Suite for SAP has specific checks to analyze your SAP SCM system for security issues.
This award-winning software is the only solution on the market certified by SAP SE to identify, analyze
and remediate all security issues, and to protect against cyber-attacks and internal fraud. It
embraces the three tiers of SAP security: vulnerability management, source code review for custom
programs, and segregation of duties (SOD).