SCADA Watch: Security Hole Exposes Utilities to Internet Attack
An AP newswire article by Jordan Robertson, via Wired.com, reports that:
Attackers could gain control of water treatment plants, natural gas pipelines and other critical utilities because of a vulnerability in the software that runs some of those facilities, security researchers reported Wednesday.More here.
Experts with Boston-based Core Security Technologies, who discovered the deficiency and described it exclusively to The Associated Press before they issued a security advisory, said there's no evidence anyone else found or exploited the flaw.
Citect Pty. Ltd., which makes the program called CitectSCADA, patched the hole last week, five months after Core Security first notified Citect of the problem.
But the vulnerability could have counterparts in other so-called supervisory control and data acquisition, or SCADA, systems. And it's not clear whether all Citect clients have installed the patch.