Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software

[InfoSec News <alerts () infosecnews org>]

http://www.wired.com/threatlevel/2012/01/scada-exploits/

By Kim Zetter
Threat Level
Wired.com
January 19, 2012

MIAMI, Florida -- A group of researchers has discovered serious security 
holes in six top industrial control systems used in critical 
infrastructure and manufacturing facilities and, thanks to exploit 
modules they released on Thursday, have also made it easy for hackers to 
attack the systems before they’re patched or taken offline.

The vulnerabilities were found in widely used programmable logic 
controllers (PLCs) made by General Electric, Rockwell Automation, 
Schneider Modicon, Koyo Electronics and Schweitzer Engineering 
Laboratories.

PLCs are used in industrial control systems to control functions in 
critical infrastructure such as water, power and chemical plants; gas 
pipelines and nuclear facilities; as well as in manufacturing facilities 
such as food processing plants and automobile and aircraft assembly 
lines.

The vulnerabilities, which vary among the products examined, include 
backdoors, lack of authentication and encryption, and weak password 
storage that would allow attackers to gain access to the systems. The 
security weaknesses also make it possible to send malicious commands to 
the devices in order to crash or halt them, and to interfere with 
specific critical processes controlled by them, such as the opening and 
closing of valves.

[...]

_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn