This is the reason I bang on about security for embedded systems, particularly for the Internet of Things:
Researcher Aaron Portnoy found a remote code execution bug and a denial-of-service (DoS) flaw in Rockwell Automation SCADA products; three remote execution flaws and one DoS bug in Schneider Electric products; a DoS flaw in Indusoft SCADA products; eight DoS flaws in Realflex SCADA products; and three remote code execution bugs, two DoS, and three file vulnerabilities in Eaton products, a total of 23 from a simple scan. And if he can do it, so can hackers.
It also didn't take long - the first exploitable zero day bug took a mere 7 minutes to discover from the time the software was installed. For someone who has spent a lot of time auditing software used in the enterprise and consumer space, SCADA was absurdly simple in comparison he said.
By Nick Flaherty www.flaherty.co.uk
No comments:
Post a Comment