Researcher Discovers New SCADA Vulnerabilities

Monday, September 19, 2011



According to a report by CNet, Italian researcher Luigi Auriemma has discovered multiple SCADA system vulnerabilities and released proof-of-concept code, spurring the US government to issue security advisories.

SCADA systems provide operations control for critical infrastructure and production networks including manufacturing facilities, refineries, hydroelectric and nuclear power plants.

"He's finding a bunch of software that hasn't really considered security before. A lot of vendors still believe that their products are protected in spaces where attackers can't get to," said UtiliSec's Justin Searle.

The vulnerabilities Auriemma discovered could allow remote execution of malicious code by attackers and cause denial of service interruptions on these critical systems.

"Many of the bigger ICS vendors have addressed this issue in recent years, and the new product-protocol stacks are often more robust. That said, there is a ton of legacy stuff out there with this problem and a large number of vendors still have not seen the light," security expert Dale Peterson told CNet.

Last May security researcher Dillon Beresford cancelled a scheduled presentation at the Takedown Conference about Supervisory Control and Data Acquisition (SCADA) exploit proof-of-concept after consulting with representatives from Siemens and the Department of Homeland Security over security concerns.

Beresford and his team's work was being described as being akin to a homemade cyber weapon comparable to the infamous Stuxnet virus. Stuxnet is a highly sophisticated designer-virus that wreaks havoc with SCADA system, and the Stuxnet virus is thought to have caused severe damage to Iranian uranium enrichment facilities which reportedly set back the nation's nuclear program several years.

Beresford subsequently issued some harsh criticism regarding the manner in which Siemens handled the disclosure of the vulnerabilities, which are related to the company's programmable logic controllers (PLCs).

In March, a separate set of researchers released details on dozens of SCADA systems vulnerabilities, and some of the vulnerabilities could allow attackers access to critical data located in system configuration files, while several others would allow the remote execution of malicious code.

The unprecedented release included thirty-four proof-of-concept exploits for common SCADA software including those produced by Siemens, Iconics, 7-Technologies, Datac, and Control Microsystems.

The vulnerability dump came just one week after Russian security firm Gleg released a tool that attempts to consolidate all known SCADA exploits into one package. The tool, called Agora SCADA+, contained twenty-two modules with eleven zero-day exploits aimed specifically at SCADA system software.

"Finding zero-day (previously unknown holes) in SCADA software is like nuking fish in a barrel. People purchasing these systems need to push back on suppliers and ask them what they are doing to secure the system before selling it to customers," said Chris Wysopal, CTO for Veracode.

Possibly Related Articles:
SCADA Vulnerabilities Exploits Headlines Network Security Infrastructure Proof of Concept Programmable Logic Controllers
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.