Multiple SCADA System Vulnerabilities Released

Tuesday, March 22, 2011



Researchers have released details on dozens of Supervisory Control and Data Acquisition (SCADA) systems vulnerabilities.

SCADA systems provide operations control for critical infrastructure and production networks including manufacturing facilities, refineries, hydroelectric and nuclear power plants.

The unprecedented release includes thirty-four proof-of-concept exploits for common SCADA software including those produced by Siemens, Iconics, 7-Technologies, Datac, and Control Microsystems.

Some of the vulnerabilities could allow attackers access to critical data located in system configuration files, while several others would allow the remote execution of malicious code.

“SCADA is a critical field but nobody really cares about it. That's also the reason why I have preferred to release these vulnerabilities under the full-disclosure philosophy" Luigi Auriemma, one of the researchers, wrote in an email sent to The Register UK.

The vulnerability dump comes just one week after Russian security firm Gleg released a tool that attempts to consolidate all known SCADA exploits into one package.

The tool is called Agora SCADA+ and contains twenty-two modules with eleven zero-day exploits aimed specifically at SCADA system software.

Representatives indicated the company's website came under sustained distributed denial of service (DDoS) almost immediately after the tool was made available.

The most infamous SCADA exploit is Stuxnet, a highly sophisticated designer-virus that damaged equipment at Iran's Natanz uranium enrichment facility.

Stuxnet-type viruses are uniquely dangerous because they are capable not only of affecting network computer systems, they can also cause actual physical damage to the equipment the networks control.

"Stuxnet targeted high speed rotating machinery controls, most probably the Uranium enrichment centrifuges in Iran... Communications with industrial control systems, often via SCADA, can be a vector for attack, or as in the case of Stuxnet, malware can be introduced directly by a bad actor," Richard Stiennon, the author of Surviving Cyber War told Infosec Island.

Possibly Related Articles:
SCADA Vulnerabilities Stuxnet Exploits Headlines Network Security Infrastructure Programmable Logic Controllers Agora SCADA+
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.