UK critical infrastructure at risk from SCADA security flaw

[InfoSec News <alerts () infosecnews org>]

http://www.v3.co.uk/v3-uk/news/2323339/uk-critical-infrastructure-at-risk-from-scada-security-flaw

By Alastair Stevenson
V3.co.uk
16 Jan 2014

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 
has called for businesses involved in critical infrastructure to be extra 
vigilant as it investigates a potential critical flaw in a commonly used 
SCADA system.

ICS-CERT issued the warning in a security advisory after security 
researcher Luigi Auriemma uncovered a vulnerability that left many of the 
world's SCADA systems at risk.

"ICS-CERT is aware of a public report of a buffer overflow vulnerability 
with proof-of-concept (PoC) exploit code affecting Ecava IntegraXor, a 
supervisory control and data acquisition/human-machine interface 
(SCADA/HMI) product," said the advisory.

"IntegraXor is currently used in several areas of process control in 38 
countries with the largest installation based in the United Kingdom, 
United States, Australia, Poland, Canada, and Estonia. ICS-CERT recommends 
that users take defensive measures to minimise the risk of exploitation of 
these vulnerabilities."

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/