Saturday, June 14, 2008

Another SCADA security vulnerability

What a great day - another SCADA security vulnerability uncovered! I don't want to see any industrial software fail, but I know the niche products were written in a vacuum without security in mind. HMI packages are buggy and susceptible to attack - particularly the older ones still in use! We need to get over it, confront the issue, and fix it! Hopefully vendors have the integrity to self-test and release patches on their own, but this won't solve the problem. A developer simply can't find all of his own bugs in a test environment. The more computer security research groups start looking into these "little" but significant applications the better.

This time it was Citect; Wonderware had the last one. SCADA vendors be ready - you're next! That's you: Rockwell, GE, and Inductive Automation!

2 comments:

Anonymous said...

GE was already hit - both Proficy and Cimplicity had serious vulnerabilities, not just DoS but also remote code execution.

Look for "cimplicity vulnerability" or "proficy vulnerability" and you'll find it...

Anonymous said...

We are working on a SCADA security project.

Although our web site is still only available in Spanish, soon it will be in English and German.

Web page: redes industriales

Regards.