Friday, May 9, 2008

Scada Wonderware Vulnerability

Security watchers warn of a rare vulnerability involving software
used to control industrial systems. A denial of service vulnerability
in monitoring software from Invensys poses a severe risk to the
factories and utilities running its Wonderware subsidiary's InTouch
SuiteLink application.
Windows versions of the package use a common software component, the
SuiteLink Service, to allow components using a proprietary protocol to
talk together over TCP/IP networks.

document.write('x3Cscript src=";cta='+cta+';ctb='+ctb+';ctc='+ctc+';sc='+sc+';cid='+cid+';'+RegExCats+GetVCs()+'pid='+RegId+RegDT+';'+RegKW+'maid='+maid+';test='+test+';pf='+RegPF+';dcove=d;sz=336x280;tile=3;ord=' + rand + '?" type="text/javascript">x3C/script>')A security bug means hackers that are able to connect to the
SuiteLink service TCP port can shut it down by sending a malformed
packet, according to Core Security, the security tools firm that
discovered the vulnerability. It's unclear whether or not the bug creates a means for hackers to inject hostile code onto vulnerable systems.
Even the possibility that hackers could shut down SCADA (Supervisory
Control And Data Acquisition) systems remotely, and without needing to
get past password checks, is bad enough in itself. According to
Wonderware's website, one third of the world’s industrial plants run
its software.
The US Department of Homeland Security rated the vulnerability as a high risk bug, in a security alert issued on Tuesday. The SANS Institute's Internet Storm Centre advises admins to patch vulnerable systems as soon as possible.
Vulnerabilities in consumer and business software are commonplace
while bugs involving industrial control software are rare. Security
firms, most notably Symantec, are trying to expand from their
traditional markets into the sale of kit to protect SCADA systems,
which are increasingly controlled over IP networks and therefore (at
least in theory) more vulnerable to attack

Kutipan dari bikin miris jika faktor sekuritas diabaikan. Dulu sewaktu kuliah sempat belajar bermain dengan SCADA, harga sangat mahal(Mungkin karena mahal, gak ada yang mampu beli sehingga expose vulnerability tidak terlalu banyak), dan memang sangat memudahkan jika diimplementasikan dalam sebuah sistem. Di Indonesia sepertinya sudah banyak yang menggunakannya, setahu saya adalah FreePort, dan mungkin beberapa Power Plant seperti Python.

Nah kalau semua seperti ini apakah faktor sekuritas akan diabaikan, dan yang penting user happy?

Wonderware SuiteLink Denial of Service vulnerability
Vulnerability Summary CVE-2008-2005

Industrial Control Systems Vulnerability


Post a Comment