Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

SCADA vuln imperils critical infrastructure, feds warn

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 14 Dec 2011 03:37:50 -0600 (CST)
http://www.theregister.co.uk/2011/12/14/scada_bugs_threaten_criticial_infrastructure/

By Dan Goodin in San Francisco
The Register
14th December 2011
An electronic device used to control machinery in water plants and other industrial facilities contains serious weaknesses that allow attackers to take it over remotely, the US agency that safeguards the nation's critical infrastructure has warned.
Some models of the Modicon Quantum PLC used in industrial control systems contain multiple hidden accounts that use predetermined passwords to grant remote access, the Industrial Control System Cyber Emergency Response Team said in an advisory (PDF) issued on Tuesday. Palatine, Illinois–based Schneider Electric, the maker of the device, has produced fixes from some of the weaknesses and continues to develop additional mitigations.
The PLCs, or programmable logic controllers, reside at the lowest levels of an industrial plant, where computerized sensors meet the valves, turbines, or other machinery that's being controlled. The default passwords are hard-coded into Ethernet cards the systems use to funnel commands into the devices, and temperatures and other data out of them. The Ethernet modules also allow administrators to remotely log into the machinery using protocols such as telnet, FTP, and something called the Windriver Debug port.
According to a blog post published on Monday by independent security researcher Rubén Santamarta, the NOE 100 and NOE 771 modules contain at least 14 hard-coded passwords, some of which are published in support manuals. Even in cases where the passcodes are obscured using cryptographic hashes, they are trivial to recover thanks to documented weaknesses in the underlying VxWorks operating system. As a result, attackers can exploit the weakness to log into devices and gain privileged access to its controls. 

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Previous By Date Next
Previous By Thread Next

Current thread: