A popular piece of software used in the computer systems of oil refineries, power plants and other industrial facilities contains a dangerous bug that, if exploited, could leave these critical networks open to remote attack.
The vulnerability exists in two supervisory control and data acquisition (SCADA) programs called GENESIS32 and BizViz, and could potentially enable a hacker to remotely execute rogue code on the machines, according to a report by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
Because SCADA machines control and automate manufacturing at critical infrastructure and industrial facilities such as electrical grids, wastewater and oil and gas plants, the consequences could be devastating if a cybercriminal took control of one of the computers.
The discovery of the new SCADA bug comes just weeks after a report by the security firm McAfee and the Center for Strategic and International Studies (CSIS) found that government-funded cyberattacks against critical infrastructure facilities have "achieved staggering levels of success," and are likely to increase.
And in late March, an independent researcher found 34 bugs in five SCADA systems, prompting the researcher, Luigi Auriemma, to tell The Register, "SCADA is a critical field but nobody really cares about it."
Of course, when discussing critical infrastructure and cybersecurity, the topic of the Stuxnet worm is on the tip of everyone's tongue.
Designed specifically to take advantage of a vulnerability in Siemens software, Stuxnet hit Iran's Bushehr nuclear reactor in the summer of 2010, and also disrupted operations at its original target, Iran's Natanz uranium-refining facility.
Iconics, the Massachusetts-based manufacturer of GENESIS32 and BizViz, has issued a patch for the security flaw, The Register reports. ICS-CERT warns SCADA software users to isolate critical networks from the Internet to avoid infection, to place networks and remote devices behind firewalls, and not to open unsolicited email attachments.