ICS-CERT Issues Warnings On Vulnerabilities In Siemens, Other SCADA Products

Published: 22/11/2024   Category: security




Researcher discloses 34 vulnerabilities, releases proof-of-concept attack code for four process control server software product lines



On the same day a researcher dropped proof-of-concept (PoC) code for 34 different vulnerabilities in major SCADA software vendors' products online, ICS-CERT yesterday issued alerts for the affected products from the four vendors -- Siemens, Iconics, 7-Technologies, and DATAC.
Meanwhile, today the ICS-CERT -- which handles industrial control system security issues -- issued yet another SCADA alert (PDF) for a newly discovered vulnerability in the BroadWin WebAccess system, which was disclosed by another researcher, Ruben Santamarta.
The SCADA bug wave began on Monday when researcher Luigi Auriemma released PoCs for the bugs he found, which include stack and heap overflows, integer overflows, arbitrary command execution, format strings, double and arbitrary memory frees, memory corruptions, directory traversals, and design flaws. Many of the vulnerabilities could allow an attacker to remotely execute malicious code on these systems, which support processes in oil and gas, chemical, food and beverage, and building automation, for instance.
"This was an experiment I started for curiosity and to [gauge] the interest of the security companies that pay for vulnerabilities and ICS-CERT," Auriemma says. "Unfortunately, there was absolutely no interest for these bugs that otherwise would have been handled through the so-called responsible disclosure by the same companies, and so the only option remained the public full disclosure."
HD Moore, creator of Metasploit and chief security officer with Rapid7, says what's especially striking about Auriemma's disclosure is that he covered four different SCADA vendors, and all of the products appear to contain similar vulnerabilities -- stack overflows, denial-of-service, and directory traversal, for example.
"This [covers] every stupid vulnerability out there in one day. It's amazing because it's not just one class of vulns: It's every class of vulnerability," Moore says.
Auriemma's disclosure prompted the ICS-CERT to issue four alerts covering six vulnerabilities in Siemens Tecnomatix FactoryLink, 13 vulnerabilities in Iconics Genesis, eight vulnerabilities in 7-Technologies IGSS, and seven vulnerabilities in RealFlex's RealWin.
SCADA products are typically notoriously riddled with vulnerabilities, and many SCADA vendors are slow to patch. But the Stuxnet worm and subsequent research on how the attack was targeting Iraq's nuclear plant operations has put SCADA and process-control systems in the spotlight.
"I have seen [rising] interest in SCADA after Stuxnet. Probably some years ago a post like mine would have been passed almost in silence," Auriemma says.
Even so, he says worries about SCADA security have been overblown, and he's not concerned that his disclosure will lead to abuse, mainly because most SCADA systems operate on private networks and don't have Internet access. That would require an attacker to first get past that obstacle, he says, and SCADA systems require specific know-how.
Stuxnet's USB-based vector, however, demonstrated how those obstacles are not insurmountable.
Auriemma says he had discovered vulnerabilities in three other SCADA products prior to this project, and that he owns other code-execution bugs for additional SCADA products that he has not yet disclosed.
Meantime, while researcher Santamarta has released exploit code for the BroadWin bug, ICS-CERT said BroadWin has been unable to confirm the vulnerability. "ICS-CERT is continuing to work with BroadWin to develop a solution to effectively mitigate this reported vulnerability," the alert said.