The software power plants use to automate their operations contains a vulnerability hackers could exploit to crash the system, reports [1] New Scientist.
Core Security in Boston, Massachusetts, has discovered a serious vulnerability in a software package called Suitelink that is widely used to automate the operation of power stations, oil refineries and production lines. This could allow attackers to crash Suitelink by sending an outsize data packet to a certain port on the computer running the program. Suitelink's maker, Wonderware, has since issued a software patch to plug the security gap.
As Cnet.com's News Blog explains [2], the problem won't be solved until power plants that run Suitelink update their software.
New Scientist notes that Core Security Technologies [3] found the vulnerability early on during its security tests, which means more vulnerabilities may exist in the software.
Security Management is the award-winning publication of ASIS International, the preeminent international
organization for security professionals, with more than 35,000 members worldwide.
ASIS International, Inc. Worldwide Headquarters USA, 1625 Prince Street, Alexandria, Virginia 22314-2818
703-519-6200 | fax 703-519-6299 | www.asisonline.org
Copyright © 2008, Security Management
Powered by: Phase2 TechnologyLinks:
[1] http://technology.newscientist.com/channel/tech/mg19826566.200-power-plants-open-to-hacker-attack.html?feedId=online-news_rss20
[2] http://www.news.com/8301-10784_3-9946716-7.html?part=rss&subj=news&tag=2547-1009_3-0-10
[3] http://www.coresecurity.com/index.php5
[4] http://www.securitymanagement.com/article/terrorist-war-games-focus-it
Comments