SCADA software exposed for zero-day holes

By

Researchers have field day with finds.

Researchers claim to have found 23 vulnerabilities in SCADA software that expose machinery to the risk of either remote code execution or denial-of-service attacks.

SCADA software exposed for zero-day holes

Exodus Intelligence research vice president Aaron Portnoy found the holes affecting SCADA gear from Rockwell Automation, Schneider Electric, Indusoft, RealFlex and Eaton.

Each was reported to the US ICS-Cert.

“The most interesting thing about these bugs was how trivial they were to find," Portnoy said.

"The first exploitable zero-day took a mere seven minutes to discover from the time the software was installed.

“For someone who has spent a lot of time auditing software used in the enterprise and consumer space, SCADA was absurdly simple in comparison."

He said it was difficult to locate the SCADA software and planned to ask the ICS-Cert to establish a repository in which the applciations could be studied for vulnerability research.

The finds follow a series of SCADA vulnerability discoveries by research outfit ReVuln which privately sold the findings to its customers.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

Log In

  |  Forgot your password?