This is an improvement over the previous SCADA article
By Gordon Fecyk, Posted Friday 19th September 2008 18:32 GMT
Dan cited a specific implementation of SCADA software, which makes more sense to me than SCADA itself having vulnerabilities. I think that the previous article's gone through some editing, too.
It's still not clear to me whether this vulnerability is exploitable by folks on the street as such, or by insiders only. This depends on whether there are external access points to the system, I suppose. Pretty easy to mitigate those. Again, I'd be more worried about insiders than external h4x0rs.
Pah
By Anonymous Coward, Posted Saturday 20th September 2008 13:05 GMT
Slow news day? I'm no huge Citect fan, but seriously? 'Company pulls advice for some better advice?'. Come on. Anyone would think you've got it in for them!
SCADA is normally private
By Charles Manning, Posted Saturday 20th September 2008 20:51 GMT
SCADA systems normally run on private networks using VPNs etc to cross the wilds. That makes most proof of concept vulns theoretical rather than practical.
In the old days (1980s, when I dabbled in SCADA) they already had tiered security. People gathering stats for bean counting or system analysis did not have the rights to twiddle knobs. This was more often than not controlled by tiered physical security (only computers in the control room could twiddle) as well as log ons.
Of course an internal hacker could do damage, but then he could also go and throw a physical spanner in the works too.
Comments on: Citect yanks 'misleading' SCADA bug advisory