ReVuln Demos SCADA Zero Day Vulnerabilities

Security firm ReVuln recently released a video demonstrating zero day vulnerabilities in SCADA systems from General Electric, Schneider Electric, Eaton, Siemens and other companies.

“According to ReVuln, the vulnerabilities allow remote code execution, remote shells access and session hijacking on the PCs that form the foundation of the SCADA installations,” The H Security reports. “If the claim is correct, attackers would have the ability to completely take over these systems since many of the control computers are inadvertently accessible over the internet due to their configurations.”

“However, ReVuln hasn’t provided the details of the security holes to the organizations whose products are affected, because it only offers its services to companies and governments that request their aid,” writes Softpedia’s Eduard Kovacs. “This business model has become somewhat controversial, especially after French security firm VUPEN, which also deploys it, has been painted as a ‘mercenary’ organization that sells its findings only for serious amounts of money.”

“However, the practice is not new,” notes Techworld’s Lucian Constantin. “It’s been known for years in the security research community that some companies and independent researchers are selling information about unpatched vulnerabilities to governments and other private buyers, but such transactions used to be done discreetly.”

“ReVuln [was] founded by independent security researcher Luigi Auriemma and former RIM security researcher Donato Ferrante,” writes Help Net Security’s Zeljka Zorz. “Auriemma is well known in the security community for his work in discovering vulnerabilities [in] any and every kind of software, but in the last few years he has been mostly focusing on ferreting out SCADA vulnerabilities and creating exploits for them.”

“Last week Russian developer Positive Technologies said 40 percent of SCADA systems ‘available from the internet’ were hackable. … The volume of SCADA vulnerabilities being uncovered makes [ReVuln’s] claims, which would have been considered fanciful two years ago, more than credible — even though they remain unproven,” writes The Register’s John Leyden.

Jeff Goldman
Jeff Goldman is an eSecurity Planet contributor.
