Tuesday, August 3, 2010

SCADA Vulnerabilities

DHS CERT has two new reports on SCADA vulnerabilities on their web site. There is the latest information on the Stuxnet Trojan and their initial advisory on a new vulnerability for control systems components running the VxWorks operating system.

Stuxnet Update

ICS-CERT has published the third version of their advisory on the Stuxnet Trojan. There isn’t that much new information. They note that while Siemens reports that four customer systems have been infected worldwide, there have been no reports of production interruptions. The updated advisory also reports on yesterday’s Microsoft out-of-band security bulletin. ICS-CERT does provide this important recommendation:
“ICS-CERT recommends that all control systems operations personnel work with their vendor to assess potential impacts before implementing this new fix. ICS-CERT also recommends coordinating with your vendor to determine if the operating system provided in your control systems installation is affected by this vulnerability and if a fix is available.”

VxWorks Vulnerability

The new advisory on the VxWorks vulnerability actually describes two separate vulnerabilities. VxWorks is an operating system that may be used in embedded components of control systems. Because of the large number of potential embedded systems in which the OS can be used, ICS-CERT notes that “the actual list of affected products is large, and not completely known” (pg 1). To make matters even more confusing, not all systems using VxWorks will be vulnerable. ICS-CERT recommends contacting system vendors to see if a particular system is affected by this vulnerability.

The first vulnerability is a debug service enabled by default, while the second is a weak hashing algorithm used in authentication. Either vulnerability might allow unauthorized access to or control of the embedded device. These vulnerabilities were discovered by a security researcher and the details of the exploit have not yet been made public. No exploits in live systems ‘in the wild’ have yet been seen.

2 comments:

Anonymous said...

"These vulnerabilities were discovered by a security researcher and the details of the exploit have not yet been made public. No exploits in live systems ‘in the wild’ have yet been seen."

Wrong.

modules are in the metasploit trunk
http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html

PJCoyle said...

See my response to the comments made by Anonymous at: http://chemical-facility-security-news.blogspot.com/2010/08/reader-comment-08-06-10-vxworks-exploit.html

 