Friday, November 30, 2012

Researcher Finds 23 SCADA Security Flaws in One Morning

This is the reason I bang on about security for embedded systems, particularly for the Internet of Things:

Researcher Aaron Portnoy found a remote code execution bug and a denial-of-service (DoS) flaw in Rockwell Automation SCADA products; three remote execution flaws and one DoS bug in Schneider Electric products; a DoS flaw in Indusoft SCADA products; eight DoS flaws in Realflex SCADA products; and three remote code execution bugs, two DoS, and three file vulnerabilities in Eaton products, a total of 23 from a simple scan. And if he can do it, so can hackers.
It also didn't take long - the first exploitable zero-day bug took a mere 7 minutes to discover from the time the software was installed. For someone who has spent a lot of time auditing software used in the enterprise and consumer space, SCADA was absurdly simple in comparison, he said.

By Nick Flaherty
