Saturday, March 24, 2007

SCADA Protocol Handling Flaw Discovered

Via eWeek.com -

Researchers on March 21 announced that the systems which control dams, oil refineries, railroads and nuclear power plants have a vulnerability that could be used to cause a denial of service or a system takeover.

The flaw, reported by
Neutralbit, is the first remotely exploitable SCADA security vulnerability, according to the security services provider. SCADA (supervisory control and data acquisition) is a large-scale, distributed measurement and control system used to monitor or control chemical or transport processes in municipal water supply systems, to control electric power generation, transmission and distribution, gas and oil pipelines and other distributed processes. Wikipedia has a schematic of SCADA here.

Neutralbit identified the vulnerability in
NETxAutomation NETxEIB OPC (OLE for Process Control) Server. OPC is a Microsoft Windows standard for easily writing GUI applications for SCADA. It's used for interconnecting process control applications running on Microsoft platforms. OPC servers are often used in control systems to consolidate field and network device information.

Neutralbit reports that the flaw is caused by improper validation of server handles, which could be exploited by an attacker with physical or remote access to the OPC interface to crash an affected application or potentially compromise a vulnerable server. Neutralbit has also recently published
five vulnerabilities having to do with OPC.

This isn't the first time that this vital bit of national infrastructure has gotten a black eye. Errata President Robert Graham published a scathing report last year titled "SCADA Security and Terrorism: We're Not Crying Wolf." In that report and in his more recent blog, he called SCADA "completely open to attack, especially OPC."

------------------------------

Someone must have seen a preview of Live Free or Die Hard. Funny, but I just noticed HD Moore's CanSecWest speech - Live Free or Hack Hard: Metasploit 2007.

Awesome....

No comments:

Post a Comment