It is amazing that over two years after I wrote my post The SCADA Scandal, that the problem still exist. Nay, it grows larger, seemingly daily.
In a short but succinct post below, which was first posted here and is graciously made available to readers of this blog, Mourad explains:
Italian security researcher recently revealed details of several vulnerabilities in the system supervisory control and data acquisition (SCADA) from multiple vendors. Luigi Auriemma (site no longer available) has released details and proof of concept code for 6 vulnerabilities affecting popular SCADA systems. Most of the vulnerabilities allow remote code execution, many of them are easy to use,” – says Luigi Auriemma. “At least three vendors have released patches, and Rockwell Automation is working on it right now.”
The affected products are:
- Beckhoff TwinCAT ‘TCATSysSrv.exe’ Network Packet Denial of Service Vulnerability
- Rockwell RSLogix Overflow Vulnerability
- Measuresoft ScadaPro Multiple Vulnerabilities
- Cogent DataHub Multiple Vulnerabilities
- AzeoTech DAQFacstory Stack Overflow
- Progea Movicon Multiple Vulnerabilities
It is amazing that we keep finding these holes daily. Forget Stuxnet and the STARS. These still exist in everyday life-support infrastructure and utilities networks we depend on for our very civilization. Until when will they be allowed to exist unmitigated?