Researcher Finds 23 SCADA Flaws in One Morning


Following ReVuln's recent disclosure of a series of zero day flaws in SCADA systems, Exodus Intelligence's Aaron Portnoy decided to spend a few hours on Thanksgiving morning seeing if he could find a few SCADA vulnerabilities. He found 23.

"He found a remote code execution bug and a denial-of-service (DoS) flaw in Rockwell Automation SCADA products; three remote execution flaws and one DoS bug in Schneider Electric products; a DoS flaw in Indusoft SCADA products; eight DoS flaws in Realflex SCADA products; and three remote code execution bugs, two DoS, and three file vulnerabilities in Eaton Corp. products," writes Dark Reading's Kelly Jackson Higgins.

"The most interesting thing about these bugs was how trivial they were to find," Portnoy writes. "The first exploitable 0day took a mere 7 minutes to discover from the time the software was installed. For someone who has spent a lot of time auditing software used in the enterprise and consumer space, SCADA was absurdly simple in comparison."

"The software analyzed by Portnoy had many functions, but some could be used to monitor and control hardware within power plants, water filtration systems, airports, manufacturing facilities and other critical infrastructure," writes Network World's Antone Gonsalves.

"Portnoy hopes that his findings partially overlap with those of ReVuln, because unlike ReVuln, he plans to report the vulnerabilities to ICS-CERT, which will then coordinate the disclosure with the affected vendors," writes Computerworld's Lucian Constantin.

"[To] help improve the security of industrial systems, Portnoy is hoping to open lines of communication with ICS-CERT to gain access to industrial control software and provide vendors with better audits and assessments of possible security vulnerabilities," writes Shaun Nichols.