Trend Micro Inc. has announced that last week, the software used in SCADA environments came under renewed scrutiny, as attack code exploiting dozens of serious vulnerabilities in widely used programs, was published.
Programs sold by Siemens, Iconics, 7-Technologies, Datac, and Control Microsystems were apparently affected. In some cases, the flaws may be used to remotely execute code when the so-called supervisory control and data acquisition software is installed on machines connected to the internet. Two separate organizations released the code. The published information includes proof-of-concept exploit code for at least 34 vulnerabilities in widely used SCADA programs.
SCADA actually refers to any control system, so covers everything from Nuclear Power Plants, to the machine that sews a logo into a pair of trainers! If breached, it may pose a threat to national security, or perhaps just affect a manufacturing line. Protection for SCADA Networks needs to reflect the actual setting in which it is used.
SCADA networks span a set of industries which have traditionally enjoyed relative segmentation because process control software was closed & proprietary, and not connected to the global Internet.
In recent times, this situation has changed. These industries (e.g. manufacturing, oil & gas, water processing, etc.) are now using off-the-shelf software platforms (e.g. MS Windows) and management platforms designed & created by specific vendors (e.g. Siemens, Johnson Controls, etc.).
Additionally, new hardware designed for these environments often now includes ports such as Ethernet and in some cases the devices are even wireless equipped. This is ideal for business optimization strategies, and large installations. However, serious consideration needs to be given before activating or enabling such accessibility in critical environments.
It’s worth remembering that attackers most often target common platforms. It’s essential to protect the platform but in SCADA environments it is often difficult or impossible to patch them - as they may be legacy programs (eg. Windows 2000) or no patch is available anymore.
ITVoir NewsDesk | 
.jpg)
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
