The Register® — Biting the hand that feeds IT

Citect yanks 'misleading' SCADA bug advisory

Gordon Fecyk

This is an improvement over the previous SCADA article 

Dan cited a specific implementation of SCADA software, which makes more sense to me than SCADA itself having vulnerabilities. I think that the previous article's gone through some editing, too.

It's still not clear to me whether this vulnerability is exploitable by folks on the street as such, or by insiders only. This depends on whether there are external access points to the system, I suppose. Pretty easy to mitigate those. Again, I'd be more worried about insiders than external h4x0rs.

Anonymous Coward

Pah 

Slow news day? I'm no huge Citect fan, but seriously? 'Company pulls advice for some better advice?'. Come on. Anyone would think you've got it in for them!

Charles Manning

SCADA is normally private 

SCADA systems normally run on private networks, using VPNs etc. to cross the wilds. That makes most proof-of-concept vulns theoretical rather than practical.

In the old days (1980s, when I dabbled in SCADA) they already had tiered security. People gathering stats for bean counting or system analysis did not have the rights to twiddle knobs. This was more often than not controlled by tiered physical security (only computers in the control room could twiddle) as well as logons.

Of course an internal hacker could do damage, but then he could also go and throw a physical spanner in the works too.