[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Security firm showcases vulnerabilities in SCADA software, won't report them to vendors


By Lucian Constantin
IDG News Service
November 20, 2012

Malta-based security start-up firm ReVuln claims to be sitting on a stockpile of vulnerabilities in industrial control software, but prefers to sell the information to governments and other paying customers instead of disclosing it to the affected software vendors.

In a video released Monday, ReVuln showcased nine "zero-day" (previously unknown) vulnerabilities which, according to the company, affect SCADA (supervisory control and data acquisition) software from General Electric, Schneider Electric, Kaskad, Rockwell Automation, Eaton and Siemens. ReVuln declined to disclose the name of the affected software products.

SCADA software runs on regular computers, but is used by owners of critical infrastructure and other various types of industrial facilities to monitor and control industrial processes.

According to by ReVuln, the vulnerabilities it showcased Monday can allow attackers to remotely execute arbitrary code, download arbitrary files, execute arbitrary commands, open remote shells or hijack sessions on systems running the vulnerable SCADA software.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!