Mar 23, 2011 08:47 GMT

A security researcher has publicly disclosed 34 serious and critical vulnerabilities in multiple SCADA software applications together with proof-of-concept exploit code.

Italian security researcher Luigi Auriemma stirred up controversy two days ago when he published detailed information about vulnerabilities in several SCADA products.

The flaws were discovered as part of a personal experiment, but more remarkable is that, according to Auriemma, he had zero prior experience with such programs.

Of course, Auriemma is a very competent researcher and supervisory control and data acquisition (SCADA) software is not fundamentally different than any other software.

What sets it apart, however, is its purpose - controlling critical equipment in oil and gas refineries, water processing and power plants, factories and even nuclear facilities.

"SCADA is a critical field but nobody really cares about it. That's also the reason why I have preferred to release these vulnerabilities under the full-disclosure philosophy," Auriemma told The Register.

"In technical terms the SCADA software is just the same as any other software used everyday, so with inputs [...] and vulnerabilities: stack and heap overflows, integer overflows, arbitrary commands execution, format strings, double and arbitrary memory frees, memory corruptions, directory traversals, design problems and various other bugs," he wrote in the release announcement.

Most of the identified vulnerabilities can be leveraged to execute arbitrary code and Auriemma includes proof-of-concept exploits for all of them.

The affected products include Siemens Tecnomatix FactoryLink, Iconics GENESIS32 and GENESIS64, 7-Technologies IGSS and DATAC RealWin.

The disclosures come a few days after a Russian security company called GLEG released a product which promises to collect exploits for all known SCADA vulnerabilities in a single pack that also includes zero-days.

Researchers started sounding the alarm about SCADA vulnerabilities several years ago, but until last year, when the notorious Stuxnet industrial espionage malware was discovered, attacks against such systems were considered only theoretical.