programmable logic controller

DHS Warns ICS, SCADA Owners About Increase in Malicious Activity

An alert from the Department of Homeland Security late last week urges private- and public-sector industrial control system (ICS) owners to be proactive in auditing the security, particularly, authentication controls of their systems. The alert is in response to a growing concern over the number of exploit tools available online targeting ICS and SCADA systems responsible for running critical infrastructure, as well as an evolving interest from hacktivists who are using specialized search engines to find control systems reachable online.

New Tool Will Automate Password Cracks on Common SCADA Product

The fallout from last month’s S4 Conference continues in February, with a planned Valentine’s Day release of tools that make it easy to test and exploit vulnerable programmable logic controllers and other industrial control systems. Among the releases will be a tool for cracking passwords on the common ECOM programmable logic controllers by Koyo Electronics, a Japanese firm, according to a blog post by Reid Wightman for Digital Bond.

UPDATE: Looking For a ‘FireSheep’ Moment, Researchers Lay Bare Woeful SCADA Security

Miami, Florida – A no-holds barred presentation at the S4 Conference laid bare the woeful state of security for many industrial control systems that power the world’s critical infrastructure. Organizers have also cooperated with security scanning firms Rapid7 and Tenable to release modules for the Metasploit and Nessus products that can test for the discovered security holes.

Dillon Beresford used a presentation at the Black Hat Briefings on Wednesday to detail more software vulnerabilities affecting industrial controllers from Siemens, including a serious remotely exploitable denial of service vulnerability, more hard-coded administrative passwords, and even an easter egg program buried in the code that runs industrial machinery around the globe.  

UPDATE: A week after a security researcher decided to cancel a technical discussion of security holes in industrial control software from Siemens, Inc., public exploits for the vulnerabilities are on hold while the company works to shore up systems running its Simatic programmable logic controller (PLC) software.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.