SCADA vulnerabilities discovered by researcher

Mar. 23, 2011 -- Earlier this week, an Italian researcher released attack code exploiting a number of vulnerabilities found in a handful of SCADA systems...

Mar. 23, 2011 -- Earlier this week, an Italian researcher released attack code exploiting a number of vulnerabilities found in a handful of SCADA systems.

Security researcher Luigi Auriemma published nearly three dozen attack code sequences, or exploits, to a computer security mailing list. The code targets vulnerabilities in SCADA systems made by Siemens, Iconics, 7-Technologies and DATAC.

Experts say the vulnerabilities aren't very serious on their own, but could be used by a hacker to gain initial entry into a system to then find additional security weaknesses.

The affected systems include Siemens Tecnomatix FactoryLink, Iconics, Genesis32 and Genesis64, DATAC RealWin, and 7-Technologies IGSS.

The attacks published by Auriemma don’t directly target programmable logic controllers but would allow a hacker to mask what an operator sees on his monitor, making it appear as though everything is functioning correctly. Meanwhile, if the attacker were to exploit other vulnerabilities connected to the PLC, the operator would be unaware.

Read the full story >

###

More in Water Utility Management