AOH :: IS1173.HTM

World's electrical grids open to attack




World's electrical grids open to attack
World's electrical grids open to attack



http://www.theregister.co.uk/2008/09/25/abb_critical_bug/ 

By Dan Goodin in San Francisco
The Register
25th September 2008

A serious vulnerability has been found in yet another computerized 
control system that runs some of the world's most critical 
infrastructure, this time in a product sold by a vendor known as the ABB 
Group.

According to researchers from C4 - a firm specializing in the security 
of so-called SCADA, or Supervisory Control And Data Acquisition, systems
- ABB's Process Communication Unit (PCU) 400 suffers from a critical 
buffer overflow bug.

"The vulnerability was exploited by C4 to verify it can be used for 
arbitrary code execution by an unauthorized attacker," researcher Idan 
Ofrat wrote in this advisory [1] published on Thursday. "In addition, an 
attacker can use his control over the FEP server to insert a generic 
electric grid malware...in order to cause harm to the grid."

The vulnerable software controls critical national infrastructure, 
including electrical grids. The vulnerability affects versions 4.4, 4.5, 
and 4.6, and possibly others, the C4 advisory warns.

ABB has issued a patch for the bug.

[1] http://www.securityfocus.com/archive/1/496739 

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/ 

Site design & layout copyright © 1986-2014 CodeGods