Exploits for scores of vulnerabilities in supervisory control and data acquisition (SCADA) software were made public on Monday, according to a report by The Register.

34 holes were published on Seclists.org’s Bugtraq mailing list for programs by Siemens, Iconics, 7-Technologies, Datac and Control Microsystems. While some of the flaws allow remote code execution, others enable targeted attacks through buffer and heap overflows. The exploits were disclosed along with proof-of-concept code by Italian researcher Luigi Auriemma.

SCADA systems have taken a more pronounced hit from attackers since last year, when some of Siemens’ control software was targeted by the now notorious Stuxnet worm. While it's been emphasized that SCADA manufacturers need to take a harder look at the security of their software, the fallout surrounding Stuxnet is still encouraging curious researchers.

For more on this, head over to The Register.

Comment (1)

  1. LOL@Luigi

    Luigi — You obviously lack the ability to show restraint, your comments about ICS-CERT are completely wrong and your justification on Bugtraq for releasing proof of concept code is without merit. This was a bad mistake on your part. You will find no restraint when the press comes down on you for acting irresponsibly. Not impressed… FAIL on a pocket full of wins for you.
