A software researcher based in Italy has discovered 34 vulnerabilities in SCADA systems. Working out of his lab in Milan, Luigi Auriemma has released proof of concept code for 34 vulnerabilities affecting popular SCADA systems.
Most of the vulnerabilities discovered allow remote code execution on Internet-connected systems. Other threats pertain to allowing access to stored data. "I have uploaded my advisories on my website, making anyone aware of the problems, and the vendors, who can now fix them," says Auriemma. (Pictured alongside is a photograph of Auriemma's old room/lab.)
He is of the opinion that "although SCADA is a critical field very few really care about it".
The affected SCADA products are:
• DATAC RealWin 2.1 (Build 6.1.10.10)
• 7-Technologies IGSS 9.00.00.11059
• GENESIS32 9.21
• GENESIS64 10.51
• Siemens Tecnomatix FactoryLink 8.0.1.1473
Auriemma has this to say about the vulnerability in Siemens Tecnomatix FactoryLink: "CSService is a Windows service listening on port 7580. The logging function is vulnerable to a buffer overflow caused by the usage of vsprintf with a stack buffer of 1024 bytes. The vulnerability can be exploited remotely in various ways, like the passing of a big path or filter string in the file-related operations (opcodes 6, 8 and 10)."
There is believed to be no malicious intent and Auriemma is releasing these vulnerabilities under his "full-disclosure philosophy".