Thursday, October 21, 2010

DHS ICS-CERT Issues Two New SCADA Alerts

This morning DHS ICS-CERT issued two new alerts for vulnerabilities in control systems produced by two different companies. The first vulnerability has been reported in Intellicom’s Netbiter® WebSCADA product, while the second has been reported in the Moxa Device Manager. No patch is yet available for either vulnerability, though Intellicom recommends that its users “change the default password when installing the product” (always great advice).

The Netbiter vulnerability was first reported on SecList.org back on October 1st. ICS-CERT reports that they are working with Intellicom “to address these vulnerabilities”.

The Moxa vulnerability, with exploit, was published yesterday in great detail on ReverseMode.com. This may explain why ICS-CERT has taken the unusual step of posting their alert before they have been able to contact someone from Moxa.

2 comments:

Anonymous said...

This is frightening, to quote:

"The Netbiter vulnerability was first reported on SecList.org back on October 1st. ICS-CERT reports that they are working with Intellicom “to address these vulnerabilities”."

seclist.org is simply an archive of various mailing lists; the message was actually posted to Bugtraq (hosted at securityfocus.com), one of the oldest security-focused mailing lists in existence. That you guys don't know what Bugtraq is basically proves that the SCADA industry and users are a decade or more behind in terms of security and shows us why we're in such a mess.

PJCoyle said...

To see my response to the comment made by Anonymous see: http://chemical-facility-security-news.blogspot.com/2010/10/reader-comment-10-21-10-security.html

 