More Zero Day Vulnerabilities in SCADA Systems

Wednesday, October 12, 2011



An Italian security researcher recently revealed details of several vulnerabilities affecting supervisory control and data acquisition (SCADA) systems from multiple vendors.

Luigi Auriemma has released details and proof of concept code for 6 vulnerabilities affecting popular SCADA systems.

SCADA systems provide operations control for critical infrastructure and production networks including manufacturing facilities, refineries, hydroelectric and nuclear power plants.

The vulnerabilities Auriemma discovered could allow remote execution of malicious code by attackers and cause denial of service interruptions on these critical systems.

"Most of the vulnerabilities allow remote code execution, many of them are easy to use," said Auriemma. "At least three vendors have released patches, and Rockwell Automation is working on it right now."

The affected products are:

  • Beckhoff TwinCAT ‘TCATSysSrv.exe’ Network Packet Denial of Service Vulnerability
  • Rockwell RSLogix Overflow Vulnerability
  • Measuresoft ScadaPro Multiple Vulnerabilities
  • Cogent DataHub Multiple Vulnerabilities
  • AzeoTech DAQFactory Stack Overflow
  • Progea Movicon Multiple Vulnerabilities

SCADA security in a post-Stuxnet environment has been a hot topic this year. Last May security researcher Dillon Beresford cancelled a scheduled presentation at the Takedown Conference on a SCADA exploit proof-of-concept after consulting with representatives from Siemens and the Department of Homeland Security over security concerns.

Beresford and his team's work was being described as akin to a homemade cyber weapon comparable to the infamous Stuxnet virus. Stuxnet is a highly sophisticated designer virus that wreaks havoc with SCADA systems and is thought to have caused severe damage to Iranian uranium enrichment facilities, reportedly setting back the nation's nuclear program several years.

In March, a separate set of researchers released details on dozens of SCADA system vulnerabilities. Some could allow attackers access to critical data located in system configuration files, while several others would allow the remote execution of malicious code.

The unprecedented release included thirty-four proof-of-concept exploits for common SCADA software including those produced by Siemens, Iconics, 7-Technologies, Datac, and Control Microsystems.

The vulnerability dump came just one week after Russian security firm Gleg released a tool that attempts to consolidate all known SCADA exploits into one package. The tool, called Agora SCADA+, contained twenty-two modules with eleven zero-day exploits aimed specifically at SCADA system software.


Craig S Wright: We HAVE to start making these public. Right now, MANY groups know of the vulnerabilities and hide them. In this, we all lose!

Good work.