Wednesday, May 09, 2007

SCADA Systems Vulnerabilities Exposed

Matt Hines writes on the InfoWorld "Zero Day Security" Blog:

Ironically, as I was busy piecing-together Tuesday's story on infrastructure systems security trends, I missed the fact that researchers were reporting what are believed to be the first remotely-exploitable vulnerabilities in so-called Supervisory Control And Data Acquisition (SCADA) systems.

In essence, the research forwards tangible proof of remotely exploitable flaws in products used to manage facilities such as oil and gas refineries, electrical power grids and nuclear power plants.

According to researchers with industrial security specialists Neutralbit, based in Barcelona, Spain, the company has uncovered five different problems in the OPC protocol -- the OLE (Object Linking and Embedding) for Process Control industry standard -- which is used to help foster communication of plant data between control devices made by different manufacturers.

The vulnerabilities, present in a number of systems, could allow for a range of different performance-sapping or denial-of-service type attacks on affected SCADA operations, Neutralbit reported.

More here.


Post a Comment

<< Home