Information Security News mailing list archives
Security firm showcases vulnerabilities in SCADA software, won't report them to vendors
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 21 Nov 2012 09:18:48 -0600 (CST)
http://www.networkworld.com/news/2012/112112-security-firm-showcases-vulnerabilities-in-264456.html
By Lucian Constantin
IDG News Service
November 20, 2012
Malta-based security start-up firm ReVuln claims to be sitting on a stockpile of vulnerabilities in industrial control software, but prefers to sell the information to governments and other paying customers instead of disclosing it to the affected software vendors.
In a video released Monday, ReVuln showcased nine "zero-day" (previously unknown) vulnerabilities which, according to the company, affect SCADA (supervisory control and data acquisition) software from General Electric, Schneider Electric, Kaskad, Rockwell Automation, Eaton and Siemens. ReVuln declined to disclose the name of the affected software products.
SCADA software runs on regular computers, but is used by owners of critical infrastructure and various other types of industrial facilities to monitor and control industrial processes.
According to ReVuln, the vulnerabilities it showcased Monday can allow attackers to remotely execute arbitrary code, download arbitrary files, execute arbitrary commands, open remote shells or hijack sessions on systems running the vulnerable SCADA software.
[...]