Researcher Finds Nearly Two Dozen SCADA Bugs In a Few Hours

Trailrunner7 writes "It is open season on SCADA software right now. Last week, researchers at ReVuln, an Italian security firm, released a video showing off a number of zero-day vulnerabilities in SCADA applications from manufacturers such as Siemens, GE and Schneider Electric. And now a researcher at Exodus Intelligence says he has discovered more than 20 flaws in SCADA packages from some of the same vendors and other manufacturers, all after just a few hours' work."

Re:segmentation

This is why SCADA needs to be built out separately from your data network.

While that is indisputably a good idea, it does not cover all the bases. Disgruntled employees, industrial espionage, and state-sponsored sabotage (in the case of critical or defense industries) won't let a silly air gap stop them.

As Iran learned at its peril.

Re:WTF is SCADA then?

[RobbieCrash]

Where's the lazy editing? It's not like this is the first SCADA story on /.. Are we going to start defining every non-everyday term in a summary?

"Researchers have identified a hole (an overlooked security concern) in the TCP (Transmission Control Protocol a system of information transmission that aids in reliable data transfer) layer (a metaphorical layer in a sandwich of other layers each of which pertain to certain elements of the network stack (the combination of hardware (physical parts of a computer) and software (the computer code that resides on a computer's storage that makes up a computer program) that allow a computer to /talk/ to another computer over a network)) of Windows (a computer operating system (a complex computer program that coordinates and translates software requests into hardware actions))."

Re:firewalls!

[tlhIngan]

Everyone knows about the holes, including the manufacturers. They're designed to operate on controlled, private networks. Every time someone gets hacked, they should go after the implementors, not the vendors as they should factor security onto their site designs. I'm not excusing the manufacturers, just people need to know this is engineering and not infosec - people buy black boxes which do stuff and that's all that matters to them.

The problem is even airgapped networks can be broken into. See stuxnet and flame - they exploited several machanisms to install themselves onto airgapped networks. It also went to show that even airgaps can be broken into if you don't need much in the way of return information - you just need to get onto the network, and not send data back out. Heck, the USAF had their UAV computers infected with a virus.

The weakest part of an airgapped network is the maintenance thereof - add some new PLCs to the network? Well, they have to be configured to work with everything else, so someone has to plug something into it to configure it. And that something is unknown - it could be a technician's laptop, it could be a thumb drive, etc.

The thing is, an airgapped network has to be maintained, and it's really hard to do so without at some point having to plug something in-between the gap. (For Stuxnet, it was a software update or other thing, for the USAF, it was... map updates). And at some point, data has to be transported across

Heck, even the thumbdrive isn't invulnerable - it could for example be infected during manufacturing.

In the end, all networks are interconnected. Some less so than others, but eventually they will have to be in some shap or form.