Information Security News
mailing list archives
Security firm showcases vulnerabilities in SCADA software, won't report them to vendors
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 21 Nov 2012 09:18:48 -0600 (CST)
By Lucian Constantin
IDG News Service
November 20, 2012
Malta-based security start-up firm ReVuln claims to be sitting on a
stockpile of vulnerabilities in industrial control software, but prefers
to sell the information to governments and other paying customers
instead of disclosing it to the affected software vendors.
In a video released Monday, ReVuln showcased nine "zero-day" (previously
unknown) vulnerabilities which, according to the company, affect SCADA
(supervisory control and data acquisition) software from General
Electric, Schneider Electric, Kaskad, Rockwell Automation, Eaton and
Siemens. ReVuln declined to disclose the name of the affected software
SCADA software runs on regular computers, but is used by owners of
critical infrastructure and other various types of industrial facilities
to monitor and control industrial processes.
According to ReVuln, the vulnerabilities it showcased Monday can
allow attackers to remotely execute arbitrary code, download arbitrary
files, execute arbitrary commands, open remote shells or hijack sessions
on systems running the vulnerable SCADA software.