The Register® — Biting the hand that feeds IT

Feeds

World's electrical grids open to attack

Scads of SCADA bugs

By Dan Goodin, 25th September 2008
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

A serious vulnerability has been found in yet another computerized control system that runs some of the world's most critical infrastructure, this time in a product sold by a vendor known as the ABB Group.

According to researchers from C4 - a firm specializing in the security of so-called SCADA, or Supervisory Control And Data Acquisition, systems - ABB's Process Communication Unit (PCU) 400 suffers from a critical buffer overflow bug.

"The vulnerability was exploited by C4 to verify it can be used for arbitrary code execution by an unauthorized attacker," researcher Idan Ofrat wrote in this advisory published on Thursday. "In addition, an attacker can use his control over the FEP server to insert a generic electric grid malware...in order to cause harm to the grid."

The vulnerable software controls critical national infrastructure, including electrical grids. The vulnerability affects versions 4.4, 4.5, and 4.6, and possibly others, the C4 advisory warns.

ABB has issued a patch for the bug.

The advisory comes as concern mounts about the safety of software used to run gasoline refineries, manufacturing plants and other industrial facilities. In June, a now-patched vulnerability in CitectSCADA potentially exposed plants' critical operations to outsiders or disgruntled employees. Law makers on both sides of the Atlantic have warned that lax security may make critical infrastructure vulnerable to saboteurs or terrorists.

C4 is no stranger to security in SCADA systems. In January, it warned of vulnerabilities in two products made by Ge Fanuc. One of them resided in Ge Fanuc's Cimplicity product, and the other affected the company's Proficy Information Portal 2.6. Both appear to have have been patched. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (12)
Latest Comments
Anonymous Coward
Anonymous Coward

@connected

Of course the power stations are all connected. UCTE and NORDEL cover the entire civilized world.

There is no other way to have a stable grid.

Whenever the wind dies down at a turbine park, or a coal plant encounters a problem and falls of the grid, coordinators remotely and automatically redistribute the juice, turn up pumped storage or fire up a gas turbine plant, while remotely telling nuclear plants to increase their output. Do you really think they lay their own fibre to do that?

And SCADA is the Software most of the coordinators use.

0
0
EnricoSuarve

Would they do it?

"But they wouldn't connect them to the internet would they?"

A small thought exercise:

Privatised companies are ALL about the money - when they are privatised it is inevitably sold to the public as "Private companies are somehow magically more efficient and will cut costs for the consumer", if you believe that stop reading now - you need the kind of help I can't provide in a few paragraphs. Otherwise if you are prepared to accept that that's bollocks and it's all about the money - read on

Would connecting a companies power stations, substations and other assets to the internet save money? YES - large savings are possible as you can centralise all the numpty work and reporting , having 24x7 teams in place or even on call for every location is very expensive - you can reduce this drastically by having as much of this work done remotely as possible. Using 'civilian' internet connections is way cheaper than dedicated lines (bear in mind the sheer number of locations you are probably talking about here)

Is it a good idea? Well no, not really for all the reasons you probably know already if you read el'reg

Would removing large amounts of fall back redundant systems, lines and power stations and other assets save money? Well obviously yes, much less to maintain and support - the cost saving is obvious

Is it a good idea? Again no, obviously no - these are your backup, your fall back and emergency systems, these are what you rely on in the case of a major problem at one of your primary sites. America did this already (remember the east coast blackout? Been to California lately?) So it's obviously a bad idea with no benefit other than cost saving (odd that my bills still go up...)

They already got rid of most of the redundancy in the network as far as I am aware, now go back and re-read question 1 - would they do it?

0
0
Anonymous Coward

There's still a way in...

I don't know any large-scale SCADA system that doesn't have at least two emergency backdoors, usually with rudimentary authentication because of necessity. Typically, you'll have one PLC (Private Leased Circuit) style backdoor from a secure facility; could be 2-wire, could be fiber-optics, could be long-haul RS232, don't matter too much. The number two? Remote accessible dial-in, for when that secure facility goes kaboom for whatever reason. Whether or not the supposed vulnerability can be exploited from that side, I don't know. What I do know is that thankfully, these days, the average script kiddie doesn't even know what a modem is, much less how to setup the requisite tools for such activities.

Also, don't underestimate organized criminals. They love a soft target, and plenty of beancounters are stupid enough to think money actually will make the problem go away. Then again, they likely employ modern script kiddies instead of the bearded guru.

Posted as AC because I don't want to be responsible when some kid finds a substation with a login and password of 'login' and 'password,' and accidentally takes an entire country offline.

0
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
124
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
57
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13