SCADA software is a bug trap
Old 28th November 2012, 09:36   #1
Stefan Mileschin

SCADA software has more bugs in it than Casu marzu cheese, according to Italian insecurity experts.

Researchers at ReVuln, an Italian security firm, released a video showing off a number of zero-day vulnerabilities in SCADA applications from manufacturers such as Siemens, GE and Schneider Electric.

Other researchers at Exodus Intelligence have followed suit and found more than 20 flaws in SCADA packages from some of the same vendors and other manufacturers, all after just a few hours' work.

SCADA software is rather important. It is used to run systems at utilities, manufacturing plants and other critical points.

It has also been a key target for security researchers as well as hackers.

There have been few documented attacks against SCADA installations enterprise software, but those which have happened have created a real mess.

The most well-known example was the Stuxnet worm, which targeted Siemens software installed at the Natanz enrichment facility in Iran.

Terry McCorkle told Threatpost that the operating system was stuck in the 1990s. SDL doesn't exist in Industrial Control System (ICS) software. There are a lot of ActiveX and file format bugs and he didn't even bother looking at problems with services.

He said that the state of ICS security is kind of laughable.

Exodus Intelligence expert Aaron Portnoy, who had a bit of time on his hands waiting for his Thanksgiving turkey to cook, spent a couple of hours looking for bugs in SCADA applications.

He said he found more than 20, several of which are remote code-execution vulnerabilities.

Portnoy said that the most interesting thing about these bugs was how trivial they were to find. The first exploitable 0day took a mere seven minutes to discover from the time the software was installed.

He said that the most difficult part of finding SCADA vulnerabilities seems to be locating the software. Apparently finding the software on a system was more difficult than finding the bugs themselves.

Portnoy had no experience of SCADA apps and based his search on the video posted by ReVuln.

http://news.techeye.net/security/sca...-is-a-bug-trap