Researcher discloses zero-day flaws in SCADA systems

Flaws disclosed in products from Rockwell, 5 other vendors

An Italian security researcher this week disclosed details of many zero-day vulnerabilities he discovered in Supervisory Control and Data Acquisition (SCADA) products from multiple vendors, a disclosure that is likely to reinforce concerns about critical infrastructure weaknesses.

This is the second such disclosure by researcher Luigi Auriemma this year. In March, he disclosed similar vulnerabilities in SCADA products from Siemens, Iconics, 7-Technologies and Datac. His disclosure prompted the US-Computer Emergency Response Team (US-CERT) to issue four alerts warning about the vulnerabilities.

The most recent flaws discovered by Auriemma affect SCADA products from six vendors, including Rockwell Automation, Cogent Datahub, Measuresoft and Progea. Many of the flaws could enable remote execution attacks and denial-of-service attacks against the vulnerable systems.

In emailed comments, Auriemma said that nearly all of the vulnerabilities he discovered are remote code execution flaws that enable attackers to run code of their choice on the vulnerable systems. Just one of the flaws is a denial-of-service vulnerability. It's still unclear whether the flaw in Rockwell's product could enable code execution, Auriemma said.

The researcher described a number of the flaws as being simple to exploit. With "one of them, [it] is simply enough to type the command you wish to execute remotely, whereas the others are classical easy-to-exploit bugs. In some cases, the exploitation may be a bit harder," Auriemma said.

Auriemma said that he has not contacted any of the vendors regarding his findings. "This was only a quick experiment in which I dedicated some minutes to each product." At least three of the vendors have already issued fixes, while Rockwell is working on one, he said.

The disclosures prompted US-CERT's Industrial Control Systems Cyber Emergency Response Team to issue advisories about the flaws.

SCADA systems are used to control critical equipment at power companies, manufacturing facilities, water treatment plants and elsewhere. Security analysts worry that attacks against such systems could cripple critical infrastructure services such as electricity and public water supplies.

The Stuxnet worm, which exploited a weakness in a Siemens control system to disrupt operations at an Iranian nuclear plant, is often cited as an example of the kind of damage that can be wreaked via vulnerable SCADA systems.

The latest vulnerabilities largely exist in free or low-cost Windows-based engineering workstations that are used as interfaces to backend control systems, according to an analysis by Digital Bond, a consulting firm specializing in control system security.

One of the vulnerable products -- Rockwell's RSLogix system -- was described by Digital Bond as a workstation used to configure industrial control systems that are deployed widely in critical infrastructure. Most of the others are smaller, add-on and data transfer products that are "used in either very small systems or as an addition/accessory to a bigger system," Digital Bond said.

All of the vulnerabilities disclosed by Auriemma exist in the so-called Human Machine Interface (HMI) systems used to manage industrial control systems, said Joseph Weiss, managing partner at Applied management Systems LLC and author of the book Protecting Industrial Control Systems from Electronic Threat.

"Vulnerabilities in HMI systems aren't novel," but they should not be minimized, he said. Such vulnerabilities can be used to get at the downstream control system, he said.

"You can use the HMI to get to the control device and you can use the control device to get to the HMI," he said. Without additional analysis, it is early to say whether the flaws discovered by Auriemma are extremely critical or not, he said. A lot depends on the kind of applications in which the affected systems are used, he said.

"Rockwell is a major manufacturer. They make a lot of systems, a number of which are used in extremely critical applications," he added.

A spokesman from Rockwell said the company would release a statement soon.
