Dozens of SCADA Exploits, Proof-of-concept Code Published

Exploits for scores of vulnerabilities in supervisory control and data acquisition software (SCADA) were made public on Monday, according to a report by The Register.

34 holes were published on Seclists.org’s Bugtraq mailing list for programs by Siemens, Iconics, 7-Technologies, Datac and Control Microsystems. While some of the flaws allow remote code execution, others enable targeted attacks through buffer and heap overflows. The exploits were disclosed along with proof-of-concept code by Italian researcher Luigi Auriemma.

SCADA systems have taken a more pronounced hit from attackers since last year, when some of Siemens’ control software was targeted by the now notorious Stuxnet worm. While it's been emphasized that SCADA manufacturers need to take a harder look at the security of their software, the fallout surrounding Stuxnet is still encouraging curious researchers.

For more on this, head over to The Register.

Discussion

  • LOL@Luigi on

    Luigi -- You obviously lack the ability to show restraint, your comments about ICS-CERT are completely wrong and your justification on Bugtraq for releasing proof of concept code is without merit. This was a bad mistake on your part. You will find no restraint when the press comes down on you for acting irresponsibly. Not impressed... FAIL on a pocket full of wins for you.
