http://www.theregister.co.uk/2008/06/12/scada_vuln_discovered/
By Dan Goodin in San Francisco
The Register
12th June 2008
Gasoline refineries, manufacturing plants and other industrial
facilities that rely on computerized control systems could be vulnerable
to a security flaw in a popular piece of software that in some cases
allows attackers to remotely take control of critical operations and
equipment.
The vulnerability resides in CitectSCADA, a software product used to
manage industrial control mechanisms known as SCADA, or Supervisory
Control And Data Acquisition, systems. As a result, companies in the
aerospace, food, manufacturing and petroleum industries that rely on
Citect's SCADA products may be exposing critical operations to outsiders
or disgruntled employees, according to Core Security, which discovered
the bug.
Citect and Computer Emergency Response Teams (CERTs) in the US,
Argentina and Australia are urging organizations [1] that rely on
CitectSCADA to contact the manufacturer to receive a patch. In cases
where installing a software update is impractical, organizations can
implement workarounds.
In theory, the bug should be of little consequence, since there is
general agreement that SCADA systems, remote terminal units and other
critical industrial controls should never be exposed to the internet.
But "in the real world, in real scenarios, that's exactly what happens,
because corporate data networks need to connect to SCADA systems to
collect data that's relevant to running the business," said Ivan Arce,
CTO of Core. "Those networks in turn may be connected to the internet."
Wireless access points also represent a weak link in the security chain,
he said, by connecting to systems that are supposed to be off limits.
It's the second vulnerability Core has found in a SCADA system in as
many months. In May, the security company warned of a flaw in monitoring
software known as InTouch SuiteLink that put power plants at risk of
being shut down by miscreants. Also last month, the organization that
oversees the North American electrical grid took a drubbing [2] by US
lawmakers concerned it isn't doing enough to prevent cyber attacks that
could cripple the country.
The scrutiny comes as more and more operators try to cut costs and boost
efficiency by using SCADA systems to operate equipment using the
internet or telephone lines. The technology has its benefits, but it may
also make the critical infrastructure vulnerable to cyber attacks by
extortionists, disgruntled employees and terrorists.
The flaw in CitectSCADA is related to a lack of proper length-checking
that can result in a stack-based buffer overflow. Attackers who send
specially crafted data packets can execute malicious code over the
vulnerable system, according to Core, maker of the Core Impact
penetration testing product. ®
[1] http://www.kb.cert.org/vuls/id/476345
[2] http://www.theregister.co.uk/2008/05/22/electrical_grid_vulnerable/
_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
Comments