SCADA software is a bug trap

SCADA software has more bugs in it than Casu marzu cheese, according to Italian insecurity experts.

Researchers at ReVuln, an Italian security firm, released a video showing off a number of zero-day vulnerabilities in SCADA applications from manufacturers such as Siemens, GE and Schneider Electric.

Other researchers at Exodus Intelligence have followed suit and found more than 20 flaws in SCADA packages from some of the same vendors and other manufacturers, all after just a few hours’ work.

SCADA software is rather important. It is used to run systems at utilities, manufacturing plants and other critical points.

It has also been a key target for security researchers as well as hackers.

There have been few documented attacks against SCADA installations enterprise software, but those which have happened have created a real mess.

The most well-known example was the Stuxnet worm, which targeted Siemens software installed at the Natanz enrichment facility in Iran.

Terry McCorkle told Threatpost that the operating system was stuck in the 1990s. He said SDL doesn’t exist in Industrial Control System (ICS) software, that there are a lot of ActiveX and file format bugs, and that he didn’t even bother looking at problems with services.

He said that the state of ICS security is kind of laughable.

Exodus Intelligence expert Aaron Portnoy, who had a bit of time on his hands waiting for his Thanksgiving turkey to cook, spent a couple of hours looking for bugs in SCADA applications.

He said he found more than 20, several of which are remote code-execution vulnerabilities.

Portnoy said that the most interesting thing about these bugs was how trivial they were to find. The first exploitable 0day took a mere seven minutes to discover from the time the software was installed.

He said that the most difficult part of finding SCADA vulnerabilities seems to be locating the software. Apparently finding the software on a system was more difficult than finding the bugs themselves.

Portnoy had no experience of SCADA apps and based his search on the video posted by ReVuln.