Forgot your password?
typodupeerror
Bug Security

Bugs In SCADA Software Leave 7,600 Factories Vulnerable 70

Posted by timothy
from the about-that-skeleton-key dept.
mspohr (589790) writes with this news from the BBC: "The discovery of bugs in software used to run oil rigs, refineries and power plants has prompted a global push to patch the widely used control system. The bugs were found by security researchers and, if exploited, could give attackers remote access to control systems for the installations. The U.S. Department of Homeland Security said an attacker with 'low skill' would be able to exploit the bugs. About 7,600 plants around the world are using the vulnerable software. 'We went from zero to total compromise,' said Juan Vazquez, a researcher at security firm Rapid7 who, with colleague Julian Diaz, found several holes in Yokogawa's Centum CS 3000 software which was first released to run on Windows 98 to monitor and control machinery in many large industrial installations. The researchers also explored other SCADA software: 'We ended up finding over 1,000 bugs in 100 days.'" The vulnerabilities reported are in Yokogawa's Centum CS 300 industrial control software.
This discussion has been archived. No new comments can be posted.

Bugs In SCADA Software Leave 7,600 Factories Vulnerable

Comments Filter:
  • by davester666 (731373) on Saturday April 05, 2014 @01:01AM (#46667607) Journal

    I believe at this point in time, researchers should only shout out about their vulnerability testing of SCADA software if they DON'T find buckets of basic, serious flaws.

    At this point in time, it's like shooting fish in a barrel. Every company with their SCADA system connected to the internet should get daily fines of a percentage of their worldwide revenue.

  • by Anonymous Coward on Saturday April 05, 2014 @01:51AM (#46667741)

    Why did you need factories with direct connections to the internet anyway? Seems like an easy way to have shit go bad to worse.

  • by Animats (122034) on Saturday April 05, 2014 @02:07AM (#46667775) Homepage

    The code:

    for ( i = 0; v3 != '\n'; ++v2) // Dangerous loop, copying data to a stack buffer, until an end of line is found
    { if ( v3 == '\r' ) break;
    *(_BYTE *)(i + a1) = v3; // Byte copy to the stack, without having destination size into account.
    v3 = *(_BYTE *)(v2 + 1);
    ++i;
    }

    The company that let that code out the door should be sued for gross negligence, and managers fired. That's not the only example; they failed to do basic checks at least three times. This isn't a subtle bug. This is failing C Programming 101.

    (Several times, I've tried to convince the C standards committee to put a "strict mode" [animats.com] in the language and move towards a form of C that's resistant to buffer overflow problems. Maybe I should try again.)

    C - now with over thirty years of buffer overflows.

I am the wandering glitch -- catch me if you can.

Working...