Items Tagged with "SCADA"
Maritime Cybersecurity Low to Non-Existent
January 24, 2012 Added by:Joel Harding
Instead of buying a ship for the relatively cheap price of $15 million, one could simply take control of the ship remotely and guide it into a target from thousand of miles away. Imagine the boom that 135 million cubic yards of natural gas could make if an LNG ship were run aground...
Comments (12)
ICS-CERT: Multiple PLC Zero-Day Vulnerabilities
January 24, 2012 Added by:Headlines
The vulnerabilities purportedly include buffer overflows, backdoors, weak authentication and encryption, and other vulnerabilities that could allow an attacker to take control of the device and interfere or halt the process it controls...
Comments (0)
More Exposure to SCADA Devices Through Shodan
January 22, 2012 Added by:Bob Radvanovsky
Wile I am certain that the majority of this membership knows what Shodan is, honestly, it represents slightly more than an automated port scanner reporting back on some of the more common open ports (HTTP, SNMP, telnet) that appear to be pingable throughout the Internet...
Comments (3)
ICS-CERT: Rockwell Automation FactoryTalk Vulnerability
January 21, 2012 Added by:Headlines
Multiple vulnerabilities have been with proof-of-concept exploit code affecting Rockwell Automation FactoryTalk, a SCADA/HMI product. The vulnerability is exploitable by sending specially crafted packets to the server. This report was released by Luigi Auriemma...
Comments (0)
ICS-CERT: Schneider Quantum Ethernet Module Vulnerability
January 20, 2012 Added by:Headlines
Researcher Rubén Santamarta previously announced hard-coded credentials in the Schneider Electric Quantum Ethernet Module.Exploitation of these vulnerabilities may allow an attacker to gain elevated privileges, load modified firmware, or perform malicious activities on the system...
Comments (0)
DSecRG Releases WAGO PLC Zero-day Vulnerabilities
January 20, 2012 Added by:Alexander Polyakov
The DSecRG (ERPScan subdivision) researchers, in support of Project BaseCamp, have published a variety of 0-day vulnerabilities for the 750 series WAGO controller, for Wellintech KingSCADA, for and OPC Systems.NET, to draw the public attention to SCADA vulnerabilities...
Comments (1)
Hacking PLC SCADA Systems: Easy as Pushing a Button
January 20, 2012 Added by:Dan Dieterle
Metasploit is used for network security and penetration testing. There are automated options that you can use that will try numerous exploits against a system, and give you a remote shell if one works. Taking this technology and adding PLC exploits is truly scary...
Comments (1)
ICS-CERT: General Electric D20ME PLC Vulnerability
January 20, 2012 Added by:Headlines
The GE D20ME PLC vulnerability is exploitable by utilizing TFTP connections to the controller. The report is based on information presented by Reid Wightman during Digital Bond’s SCADA Security Scientific Symposium without coordination with the vendor or ICS-CERT...
Comments (0)
Take That Israel! All Your SCADA's Are Belong to Us!
January 20, 2012 Added by:Scot Terban
The SCADA were not in default state for passwords, and in general did not seem to be important systems - like government or large power company hardware. Hell, for that matter, none were even water facilities, which I should think in a desert would be kinda important, no?
Comments (2)
Israeli and Muslim Hackers Bring Knives to Gun Fight
January 19, 2012 Added by:Scot Terban
There was the dropping of the SCADA passwords recently, and that is more along the lines of doing something. As I wrote recently about cyberwar, the real aegis is to damage infrastructure, supply chain failure, and in the end invade or conduct military operations...
Comments (2)
ICS-CERT: Certec EDV GmbH App DoS Vulnerability
January 19, 2012 Added by:Headlines
Independent researcher Luigi Auriemma has identified a denial of service (DoS) vulnerability in Certec EDV GmbH atvise application. Certec has produced an update that resolves this vulnerability. Mr. Auriemma validated that the update resolves the vulnerability...
Comments (0)
ICS-CERT: Cogent DataHub Application Vulnerability
January 18, 2012 Added by:Headlines
A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...
Comments (0)
ICS-CERT: 7T IGSS Graphical SCADA System Vulnerability
January 17, 2012 Added by:Headlines
Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...
Comments (0)
ICS-CERT: Open Automation Software OPC Systems Vulnerability
January 13, 2012 Added by:Headlines
Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET. A malformed packet could be sent remotely to cause a denial of service. Public exploits are known to target this vulnerability...
Comments (0)
ICS-CERT: 3S Smart Software CoDeSys Vulnerabilities
January 10, 2012 Added by:Headlines
Mr. Auriemma publicly disclosed the five vulnerabilities along with proof-of-concept exploit code, including the vulnerability previously coordinated with ICS-CERT by Celil Unuver, without coordination with 3S Smart Software Solutions, ICS-CERT, or any other coordinating entity...
Comments (0)
ICS-CERT: Control System Internet Accessibility Advisory
January 09, 2012 Added by:Headlines
The use of readily available and generally free search tools significantly reduces time and resources required to identify Internet facing control systems. In turn, hackers can use these tools to easily identify exposed control systems, posing an increased risk of attack...