We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Researcher uncovers more SCADA zero-day flaws

More industrial woe

An Italian researcher has published details of a new batch of unpatched vulnerabilities found in the SCADA (Supervisory Control and Data Acquisition) products from seven different vendors.

Assessing the significance of the 14 zero-day vulnerabilities explained by Luigi Auriemma in proof-of-concept detail with exploit code is incredibly difficult to do, but they offer an unsettling picture of the flaws that seem to exist in systems normally hidden out of sight.

The companies mentioned include Beckhoff, MeasureSoft, Rockwell, Carel, Progea, AzeoTech, and Cogent, products used to control industrial systems across sectors including manufacturing, aerospace, military, and more or less any sector that might use SCADA.

Auriemma has a record of hunting down flaws in SCADA technology, having published 34 zero-day holes in March 2011. He remains unrepentant about his public disclosure of security flaws for which no patches exist.

"I like only to find them [flaws] and releasing the informations (sic) as soon as possible," he explains on his website. "And remember that I find bugs, I don't create them, the developers are the only people who create bugs (indirectly naturally) so they are ever the only responsible."

In the last year SCADA has gone from an obscure albeit important backwater of software security thanks probably to the discovery of a worm called Stuxnet, which was apparently deployed to attack systems used within the nuclear programme of Iran over a year period from the summer of 2009 onwards.

Who created it and why has been speculated on ever since, but it was clear that profit-seeking criminals were an unlikely to have been behind it. With many suspecting the involvement of a government, suddenly SCADA seemed like a vulnerable underside for systems across almost every industry in the world.

SCADA exploits, meanwhile, have continued to be made public with disturbing regularity.


IDG UK Sites

Where to buy iPhone 6 and iPhone 6 Plus in the UK: Launch day price, deals and contracts

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Professional photo and video techniques for perfect colours

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...