US Power Stations Targeted By Malware

By Robert Vamosi | 1/17/13 2:59 AM

A report by the US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) states that two US power stations were the targets of malware attacks.

Read More >

DHS Warns Of Tridium Niagara AX Framework Risk

By Robert Vamosi | 7/13/12 7:43 AM

The Department of Homeland Security today warned that software used to control or monitor medical devices, elevators, video cameras, or security systems was vulnerable to attack.

Read More >

Researcher: Siemens Ignores Auth Bypass Vulnerabilities

By Robert Vamosi | 12/22/11 3:14 AM

Security researcher Billy Rios took issue on Wednesday with a Siemens statement that there are "no open issues regarding authentication bypass bugs at Siemens." What followed was a security rant on Rios' personal blog that should be very familiar by now: Here's another company that is handling its security disclosures very poorly.

Read More >

Remote SCADA Vulnerabilities Hit Schneider Electric

By Robert Vamosi | 12/14/11 4:43 AM

On Monday, a security researcher published new vulnerabilities affecting remote access to the “NOE 771” devices manufactured by Schneider Electrics, one of the world's largest manufacturer of SCADA system devices. The vulnerabilities prompted the ICS-CERT to issue an alert.

Rubén Santamarta (a.k.a. "Reverse Mode"), a 29-year old European-based independent security researcher who previously showed how to hack into the Large Hadron Collider at CERN, said that he was able to attack these devices remotely after first locating vulnerable NOE 771 devices through the SHODAN search engine and then downloading the firmware from Schneider Electric. After reverse engineering the firmware update, Santamarta found he could load a trojanized firmware update, use non-documented hidden accounts, and use other non-documented functionalities. The trouble is in how the devices access remote access commands.

Read More >

SCADA Software Vulnerable To Stack Overflows

By Robert Vamosi | 5/13/11 6:43 AM

The US Industrial Control Systems Computer Emergency Response Team (ICS-CERT) is warning of a new stack overflow in an ActiveX control used in Iconics WebHMI, Genesis32, BizViz HMI and SCADA systems.

Read More >