Twenty-three zero day holes found in SCADA systems

By

Systems open to remote code execution, denial of service attacks.

Researchers claimed to have found 23 vulnerabilities in SCADA  software that expose machinery to the risk of either remote code execution or denial-of-service attacks.

Twenty-three zero day holes found in SCADA systems

Exodus Intelligence research vice president Aaron Portnoy found the holes affecting SCADA gear from Rockwell Automation, Schneider Electric, Indusoft, RealFlex and Eaton.

Each was reported to the US ICS-Cert.

“The most interesting thing about these bugs was how trivial they were to find," Portnoy said. \

"The first exploitable zero-day took a mere seven minutes to discover from the time the software was installed.

“For someone who has spent a lot of time auditing software used in the enterprise and consumer space, SCADA was absurdly simple in comparison."

He said it was difficult to locate the SCADA software and planned to ask the ICS-Cert to establish a repository in which the applciations could be studied for vulnerability research.

The finds follow a series of SCADA vulnerability discoveries by research outfit ReVuln which privately sold the findings to its customers.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
exploitsscadasecurityvulnerabilities

Sponsored Whitepapers

Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments
Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
Top US diplomat impersonated with AI by unknown actor

Top US diplomat impersonated with AI by unknown actor
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?