Friday, November 30, 2012

Researcher Finds 23 SCADA Security Flaws in One Morning


This is the reason I bang on about security for embedded systems, particularly for the Internet of Things:


Researcher Aaron Portnoy found a remote code execution bug and a denial-of-service (DoS) flaw in Rockwell Automation SCADA products; three remote execution flaws and one DoS bug in Schneider Electric products; a DoS flaw in Indusoft SCADA products; eight DoS flaws in Realflex SCADA products; and three remote code execution bugs, two DoS, and three file vulnerabilities in Eaton products, a total of 23 from a simple scan. And if he can do it, so can hackers.
It also didn't take long - the first exploitable zero-day bug took a mere 7 minutes to discover from the time the software was installed. For someone who has spent a lot of time auditing software used in the enterprise and consumer space, SCADA was absurdly simple in comparison, he said.

By Nick Flaherty www.flaherty.co.uk
