By Dan Goodin in San Francisco
5th February 2009
Areva Inc. - a Paris-based company that serves nuclear, wind, and
fossil-fuel power companies - is warning customers to upgrade a key
piece of energy management software following the discovery of security
bugs that leave it vulnerable to hijacking.
The vulnerabilities affect multiple versions of Areva's e-terrahabitat
package, which allows operators in power plants to monitor gas and
electric levels, adjust transmission and distribution devices, and
automate other core functions. Areva markets itself as one of the top
three global players in the transmission and distribution of energy.
A swarm of buffer overflow and denial-of-service bugs makes versions
5.5, 5.6, and 5.7 of e-terrahabitat susceptible to tampering, the US
Computer Emergency Readiness Team warns. Customers using earlier
versions need to upgrade as well.
"An unauthenticated attacker may be able to gain access with the
privileges of the e-terrahabitat account or an administrator account and
execute arbitrary commands, or cause a vulnerable system to crash,"
CERT's advisory states. Users should apply the patch immediately, it