More vulnerabilities found in SCADA systems
Italian security specialist Luigi Auriemma, who in March this year exposed 35 vulnerabilities in SCADA (Supervisory Control And Data Acquisition) products from Siemens and others, has now released another set of 13 vulnerabilities, together with exploit code as proof-of-concept, affecting eight different SCADA products. His findings have prompted the release of security advisories from the US Department of Homeland Security's ICS-CERT.
The new advisories cover: Beckhoff TwinCAT 220.127.116.114, Rockwell RSLogix 19, Measuresoft ScadaPro 4.0.0, Cogent DataHub 18.104.22.168 and Azeotech DAQFactory 5.85. Auriemma also found vulnerabilities in Progea Movicon 11.2.1085 and Carel PlantVisor 2.4.4. Some of his advisories point to Denial-of-Service (DoS) or remote code execution as possible dangers. The programs listed are used in a variety of industries, including various utilities, manufacturing systems and financial institutions.
- Another zero-day exploit for SCADA systems, a report from The H.