Thanksgiving SCADA Bug Hunt

Researcher scares up more than 20 SCADA vulnerabilities -- one in just seven minutes -- on Thanksgiving Day

A security researcher easily found 23 bugs in major SCADA products while roasting his turkey on Thanksgiving Day.
Aaron Portnoy, vice president of research at Exodus Intelligence, says he decided to dig up as many zero-day flaws in SCADA products as he could while his Thanksgiving dinner was in the oven. The plan: to report the bugs to ICS-CERT, which then would work with the vendors to get the bugs fixed.
It was the recent uptick in SCADA bug disclosures -- such as
those of vulnerability sellers ReVuln
-- that prompted Portnoys holiday bug hunt. We just recently took a shot at finding as many as we could to overlap with their discoveries and intend to report them all to the affected vendors so that issues in such critical infrastructure are not being sold on the open market, Portnoy says.
He found a remote code execution bug and a denial-of-service (DoS) flaw in Rockwell Automation SCADA products; three remote execution flaws and one DoS bug in Schneider Electric products; a DoS flaw in Indusoft SCADA products; eight DoS flaws in Realflex SCADA products; and three remote code execution bugs, two DoS, and three file vulnerabilities in Eaton Corp. products.
And cooking the turkey took way longer than rooting out the vulnerabilities: Portnoy found the first exploitable zero-day bug seven minutes after installing the software. The most interesting thing about these bugs was how trivial they were to find, he says. It was harder to find the software to test than it was to discover the flaws in the software, he says.
It took the discovery of Stuxnet to shake up SCADA security. Finding SCADA vulnerabilities is all the rage today: Twenty times more software flaws have been discovered in industrial-control systems (ICS)/SCADA systems since Stuxnets was unearthed in 2010. And Siemens, the vendor whose PLC system was Stuxnets ultimate target, has patched 92 percent of reported vulnerabilities in its products over the past seven years, according to
data gathered by Positive Technologies Security
. Some 64 vulnerabilities were discovered and reported in industrial-control system products by the end of 2011, while only nine were reported between 2005 and 2011. And between January and August of this year, some 98 bugs were reported, according to Positive Technologies.
Portnoy plans to ask ICS-CERT to set up a repository of SCADA software product, or at the least a list, for researchers so they can vet the products under responsible disclosure practices.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Thanksgiving SCADA Bug Hunt