At the 2012 SCADA Security Scientific Symposium (S4) last week, researchers demonstrated a wide range of unpatched vulnerabilities in industrial control systems.
"The vulnerabilities ranged from information disclosure and privilege escalation bugs to remote denial-of-service (DoS) and arbitrary code execution flaws," writes Computerworld's Lucian Constantin.
"The research team, which included Reid Wightman, Dillon Beresford, Jacob Kitchel, Ruben Santamarta and two other researchers who chose to remain anonymous, worked as part of a project called Basecamp that was sponsored by industrial control systems (ICS) security firm Digital Bond," Constantin writes. "The tested products were Control Microsystems' SCADAPack, the General Electric D20ME, the Koyo / Direct LOGIC H4-ES, Rockwell Automation's ControlLogix and MicroLogix, the Schneider Electric Modicon Quantum and Schweitzer's SEL-2032."
Go to "Researchers expose flaws in popular industrial control systems" to read the details.