Wednesday, March 23, 2011

Attack Code for SCADA Vulnerabilities Released Online


The security of critical infrastructure is in the spotlight again this week after a researcher released attack code that can exploit several vulnerabilities found in systems used at oil-, gas- and water-management facilities, as well as factories, around the world.

The 34 exploits were published by a researcher on a computer security mailing list on Monday and target seven vulnerabilities in SCADA systems made by Siemens, Iconics, 7-Technologies and DATAC.

Computer security experts who examined the code say the vulnerabilities are not highly dangerous on their own, because they would mostly just allow an attacker to crash a system or siphon sensitive data, and are targeted at operator viewing platforms, not the backend systems that directly control critical processes. But experts caution that the vulnerabilities could still allow an attacker to gain a foothold on a system to find additional security holes that could affect core processes.

SCADA, or Supervisory Control and Data Acquisition, systems are used in automated factories and in critical infrastructures. They came under increased scrutiny last year after the Stuxnet worm infected more than 100,000 computers in Iran and elsewhere.


No comments: