DaemonForums  

#1
Old 23rd March 2011
J65nko
Industrial Control Systems: security holes galore

From http://www.h-online.com/security/new...e-1212336.html

Quote:
It seems that Stuxnet has given many security experts an interest in the potential holes in industrial control and SCADA (Supervisory Control and Data Acquisition) systems. Security specialist Luigi Auriemma, previously mainly known for detecting holes in games and media players, has released a list of 35 vulnerabilities in SCADA products by Siemens Tecnomatix (FactoryLink), Iconics (Genesis 32 and 64), 7-Technologies (IGSS) and DATAC (RealWin).
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#2
Old 25th March 2011
J65nko
Another zero-day exploit for SCADA systems

From http://www.h-online.com/security/new...s-1215450.html

Quote:
Security specialist Ruben Santamarta has published code demonstrating a flaw in the web-based virtualisation software WebAccess from BroadWin. The code reportedly allows a flaw in WebAccess Network Service's RPC interface to be exploited allowing code to be injected. Santamarta says he informed ICS-CERT in advance, and the firm contacted the vendor.

ICS-CERT said that the vendor was not able to confirm the flaw. Santamarta later wrote that the vendor denied the flaw's existence, so he published the exploit. In lieu of a patch, ICS-CERT recommends that BroadWin users protect their systems with a firewall and use VPNs for remote access. BroadWin software is used around the world and is also sold by Advantech.