tag:blogger.com,1999:blog-9122514974659083342.post384614041570415288..comments2024-02-02T22:30:20.736-05:00Comments on Chemical Facility Security News: ICS-CERT Updates Latest Crain-Sistrunk AdvisoryPJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-9122514974659083342.post-46029750390813842412013-10-22T00:27:54.006-04:002013-10-22T00:27:54.006-04:00Patrick,
Now I'm thoroughly confused.
The ti...Patrick,<br /><br />Now I'm thoroughly confused.<br /><br />The title of the advisory "Alstom e-Terracontrol DNP3 Master Improper Input Validation".<br /><br />The updates say that the Outstation can be sent into an infinite loop and need to be rebooted.<br /><br />Huge difference in impact between these two. The big impact I talked about in my blog is related to attacks from the substation (outstation), serial or IP, against the Master Station. <br /><br />The fact that an attacker can compromise a PLC in a substation if they have comms to that PLC is not a big deal. (Unfortunately given the current "insecure by design" state)<br /><br />Dale Peterson<br />Digital Bond, Inc.<br /><br />Anonymousnoreply@blogger.com