A newly launched security firm called ReVuln, founded by researchers Donato Ferrante and Luigi Auriemma, claims to have identified several critical vulnerabilities in the SCADA systems of companies such as Siemens, Schneider Electric and General Electric.
However, ReVuln hasn’t provided the details of the security holes to the organizations whose products are affected, because it only offers its services to companies and governments that request its aid.
This business model has become somewhat controversial, especially after French security firm VUPEN, which also uses it, was painted as a “mercenary” organization that sells its findings only for serious amounts of money.
In a video they’ve published, ReVuln researchers demonstrate a number of remote code execution vulnerabilities, which apparently affect General Electric, Schneider Electric, Kaskad, ABB/Rockwell, Eaton and Siemens.
They claim to own a number of additional zero-day flaws that impact other well-known SCADA and HMI vendors.
Considering the researchers’ impressive background in the security industry, it’s likely that the services they offer will live up to expectations.