Today the DHS ICS-CERT published a control system security advisory for the Leão Consultoria e Desenvolvimento de Sistemas (LCDS) LAquis SCADA software. They also published the draft agenda for the Spring 2017 meeting of the ICSJWG in Minneapolis, Minnesota, on April 11-13, 2017.
This advisory describes an improper access control vulnerability in the LAquis SCADA software. The vulnerability was reported by Karn Ganeshen. LCDS has produced a new version to mitigate the vulnerability. ICS-CERT reports that Ganeshen has verified the efficacy of the fix.
ICS-CERT reports that a relatively low-skilled attacker, presumably with local access, could exploit the vulnerability to escalate their privileges and modify or replace application files.
ICS-CERT has provided a link to the draft agenda for the ICSJWG Spring 2017 Meeting. It looks like there will be a number of interesting presentations from familiar names and organizations.
There appears to be an increasing interest in the interface of safety and security in process engineering. With the recent congressional interest in cyber-informed engineering (see S 79 in the 115th Congress and S 2943 in the last session), Virginia Wright of the Idaho National Labs will be doing a presentation on the INL work on the topic (see here).