Exploits for scores of vulnerabilities in supervisory control and data acquisition software (SCADA) were made public on Monday, according to a report by The Register.
34 holes were published on Seclists.org’s Bugtraq mailing list for programs by Siemens, Iconics, 7-Technologies, Datac and Control Microsystems. While some of the flaws allow remote code execution, others enable targeted attacks through buffer and heap overflows. The exploits were disclosed along with proof-of-concept codes by Italian researcher Luigi Auriemma.
SCADA systems have taken a more pronounced hit from attackers since last year when some of Siemens’ control software was targeted by the now notorious Stuxnet worm. While its been emphasized that SCADA manufacturers need to take a harder look at the security of their software, the fallout surrounding Stuxnet is still encouraging curious researchers.
For more on this, head over to The Register.