Information Security News mailing list archives

Security firm showcases vulnerabilities in SCADA software, won't report them to vendors


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 21 Nov 2012 09:18:48 -0600 (CST)

http://www.networkworld.com/news/2012/112112-security-firm-showcases-vulnerabilities-in-264456.html

By Lucian Constantin
IDG News Service
November 20, 2012

Malta-based security start-up firm ReVuln claims to be sitting on a stockpile of vulnerabilities in industrial control software, but prefers to sell the information to governments and other paying customers instead of disclosing it to the affected software vendors.

In a video released Monday, ReVuln showcased nine "zero-day" (previously unknown) vulnerabilities which, according to the company, affect SCADA (supervisory control and data acquisition) software from General Electric, Schneider Electric, Kaskad, Rockwell Automation, Eaton and Siemens. ReVuln declined to disclose the name of the affected software products.

SCADA software runs on regular computers, but is used by owners of critical infrastructure and other various types of industrial facilities to monitor and control industrial processes.

According to ReVuln, the vulnerabilities it showcased Monday can allow attackers to remotely execute arbitrary code, download arbitrary files, execute arbitrary commands, open remote shells or hijack sessions on systems running the vulnerable SCADA software.

[...]

