Access the latest quantum technology

Quantum technology in Bristol and bath - find out more about how you can access the commercialisation of quantum technology for sensing and security

Friday, November 30, 2012

Researcher Finds 23 SCADA Security Flaws in One Morning


This is the reason I bang on about security for embedded systems, particularly for the Internet of Things:


Researcher Aaron Portnoy found a remote code execution bug and a denial-of-service (DoS) flaw in Rockwell Automation SCADA products; three remote execution flaws and one DoS bug in Schneider Electric products; a DoS flaw in Indusoft SCADA products; eight DoS flaws in Realflex SCADA products; and three remote code execution bugs, two DoS, and three file vulnerabilities in Eaton products, a total of 23 from a simple scan. And if he can do it, so can hackers.
It also didn't take long - the first exploitable zero day bug took a mere 7 minutes to discover from the time the software was installed. For someone who has spent a lot of time auditing software used in the enterprise and consumer space, SCADA was absurdly simple in comparison he said.

By Nick Flaherty www.flaherty.co.uk

No comments: