Attack Code for SCADA Vulnerabilities Released Online
“The security of critical infrastructure is in the spotlight again this week after a researcher released attack code that can exploit several vulnerabilities found in systems that are used at oil, gas and water management facilities as well as manufacturing facilities around the world.
The exploits, 34 in number, were published by a researcher on a computer security mailing list on Monday and target seven vulnerabilities in SCADA systems made by Siemens, Iconics, 7-Technologies and DATAC.
Computer security experts who examined the code say the vulnerabilities are not highly dangerous on their own, since they would mostly just allow an attacker to crash a system or siphon sensitive data, and are targeted at operator viewing platforms, not the back-end systems that directly control critical processes. But experts caution that the vulnerabilities could still allow an attacker to gain a foothold on a system to find additional security holes that could affect core processes.”