SCADA, ICS and HMI vulnerabilities

Last week an Italian researcher, Luigi Auriemma, published thirty-four vulnerabilities in four SCADA products. “Selling the concept of security for SCADA and ICS might still be struggling, but publishing vulnerabilities for SCADA and ICS equipment seems to be a growth industry,” according to Eric Byres of Byres Security in their blog post The Italian job! on 23rd March 2011.

Last Friday Joel Langill, CSO of SCADAhacker.com, blogged on Protecting your ICONICS GENESIS SCADA HMI System from Security Vulnerabilities as they published a white paper providing six actions (also known as compensating controls) that users of ICONICS GENESIS products should take to protect their systems. Operators of other HMI products were advised to consider similar measures.

This morning Byres and Langill released another white paper, Analysis of the 7-Technologies IGSS Security Vulnerabilities for Industrial Control System Professionals, that may be important in protecting Industrial Control and SCADA Systems.

This paper analyses the vulnerabilities in the 7-Technologies IGSS SCADA/HMI system published by Auriemma. Moreover, they state that even if readers do not have this vendor’s products, it may be helpful to review the six compensating controls recommended and apply those that are relevant to their systems. They say: “Initial analysis seems to indicate that these vulnerabilities only affect IGSS Versions 8 and 9. This is due primarily to the fact that these vulnerabilities focus on a single IGSSdataServer application that is not believed to have existed in prior versions of the software. Until the vendor has posted an official response to these vulnerabilities, increased security diligence should be used based on the recommendations provided in this document.”

Due to the sensitive nature of this white paper, Analysis of the 7-Technologies IGSS Security Vulnerabilities for Industrial Control System Professionals, you must be logged in to the tofino.com site to access it.

See also: SCADA Vulnerabilities for 7-Technologies on the ISS Source website.
