We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Researcher uncovers more SCADA zero-day flaws

More industrial woe

An Italian researcher has published details of a new batch of unpatched vulnerabilities found in the SCADA (Supervisory Control and Data Acquisition) products from seven different vendors.

Assessing the significance of the 14 zero-day vulnerabilities explained by Luigi Auriemma in proof-of-concept detail with exploit code is incredibly difficult to do, but they offer an unsettling picture of the flaws that seem to exist in systems normally hidden out of sight.

The companies mentioned include Beckhoff, MeasureSoft, Rockwell, Carel, Progea, AzeoTech, and Cogent, products used to control industrial systems across sectors including manufacturing, aerospace, military, and more or less any sector that might use SCADA.

Auriemma has a record of hunting down flaws in SCADA technology, having published 34 zero-day holes in March 2011. He remains unrepentant about his public disclosure of security flaws for which no patches exist.

"I like only to find them [flaws] and releasing the informations (sic) as soon as possible," he explains on his website. "And remember that I find bugs, I don't create them, the developers are the only people who create bugs (indirectly naturally) so they are ever the only responsible."

In the last year SCADA has gone from an obscure albeit important backwater of software security thanks probably to the discovery of a worm called Stuxnet, which was apparently deployed to attack systems used within the nuclear programme of Iran over a year period from the summer of 2009 onwards.

Who created it and why has been speculated on ever since, but it was clear that profit-seeking criminals were an unlikely to have been behind it. With many suspecting the involvement of a government, suddenly SCADA seemed like a vulnerable underside for systems across almost every industry in the world.

SCADA exploits, meanwhile, have continued to be made public with disturbing regularity.


IDG UK Sites

Microsoft Band UK release date and price rumours, features and specs: Microsoft smartwatch unveiled

IDG UK Sites

Why Sony's PS4 2.0 update is every gamer's dream (well, mine at least)

IDG UK Sites

This Grolsch ad combines stop-motion & CG for majestic results

IDG UK Sites

Apple rumours and predictions for 2015: What to expect from Apple in 2015