Critical infrastructure security is under scrutiny this week, as security researchers have discovered 45 vulnerabilities in the software used to control facilities such as nuclear plants and oil refineries.
Thirty-four security bugs were found in programs by Siemens, Iconics, 7-Technologies, Datac and Control Microsystems that could allow attackers to remotely execute code, access sensitive data, and disrupt physical equipment by targeting supervisory control and data acquisition (SCADA) software installed on Internet-connected machines, The Register reported.
SCADA software is used to monitor and operate critical infrastructure systems and automated industrial manufacturing, refining and production processes. The high-profile Stuxnet worm that targeted Iran’s Bushehr nuclear reactor in the summer of 2010 was designed to exploit SCADA vulnerabilities in Siemens software.
“SCADA is a critical field but nobody really cares about it,” Luigi Auriemma, the researcher who found the vulnerabilities, told The Register.
Auriemma released proof-of-concept attack code for the SCADA flaws as a way of shining a spotlight on the need for updated infrastructure networks.
His findings came less than a week after a Moscow-based security firm called Gleg released Agora SCADA+, an exploit pack that highlights 11 SCADA security weaknesses.
The Register reported that SCADA software is often found on old computer systems that are “difficult to replace without causing disruptions to critical equipment,” and that as a result, crucial security updates are often avoided.