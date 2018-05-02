A Critical Security Flaw in Popular Industrial Software Put Power Plants At Risk (zdnet.com) 5
A severe vulnerability in a widely used industrial control software could have been used to disrupt and shut down power plants and other critical infrastructure. From a report: Researchers at security firm Tenable found the flaw in the popular Schneider Electric software, used across the manufacturing and power industries, which if exploited could have allowed a skilled attacker to attack systems on the network. It's the latest vulnerability that risks an attack to the core of any major plant's operations at a time when these systems have become a greater target in recent years. The report follows a recent warning, issued by the FBI and Homeland Security, from Russian hackers. The affected Schneider software, InduSoft Web Studio and InTouch Machine Edition, acts as middleware between industrial devices and their human operators. It's used to automate the various moving parts of a power plant or manufacturing unit, by keeping tabs on data collection sensors and control systems. But Tenable found that a bug in that central software could leave an entire plant exposed.
How about making it illegal to access such systems with malicious intent? That should solve it, right?
(I think I play too much with the boys from the legal department recently...)
In other news.... (Score:2)
That's it, there is no other news. Exploit found, manufacturer fixed in a timely manner. I would say that whatever ad-hoc system that is in place for identifying software vulnerabilities, whether it's a reward or just the coolness factor of having one's name in an article, seems to be working. I did like the picture of the Nuke plant in the article though. I am making a wild guess that any software running internally in a nuclear plant is not accessible from outside, not even through a firewall. But I could