Monday, May 18, 2015

Friends don't let friends put SCADA on the Internet

New analytic research on ICS components vulnerabilities.

146 137 are online, (at least) 15000 can be hacked by script-kiddie.

Pictures below

Tuesday, May 5, 2015

More news from nowhere

Fixes for Inductive Automation Ignition 7.7.2. Bugs by Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai. Simple bugs, simple list.

Now or never. CIA vs Schneider Electric

Few bugs in InduSoft Web Studio and InTouch Machine Edition 2014 recently fixed by Schneider Electric were discovered during PHDays Critical Infrastructure Attack challenge. Kudos @alisaesage. For bless you.

Absolutely old-school-community-drive-responsible-disclosure in action. Many emotions left behind..


Tuesday, February 17, 2015

Monday, February 16, 2015

Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes

New vulnerabilities from out team and new patches from Siemens

CVE-2015-1358 and CVE-2014-4686 are all abut VNC code reuse.

CVE-2015-1355 and CVE-2015-1356 we can’t name vulnerabilities. Local weaknesses, defects in security feature implementations… But it fixed, thanks Siemens.

Tuesday, December 30, 2014

31C3: Too Smart Grid in da Cloud ++

This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology.  Our latest research was devoted to the analysis of the architecture and implementation of the most wide spread platforms for wind and solar energy generation which produce many gigawatts of it. It may seem (not) surprising but the systems which manage huge turbine towers and household PhotoVoltaic plants are not only connected to the internet but also prone to many well known vulnerabilities and low-hanging 0-days. Even if these systems cannot be found via Shodan, fancy cloud technologies leave no chances for security.

Sunday, December 28, 2014

SOS! Secure Open SmartGrids!

Dear all,

After our 31C3 Too SmartGrid in da Cloud talk we get many questions about Solar and Wind plants vulnerabilities, Internet connected SmartGrid devices. Guys, sorry, but we don’t know yet.

There are dozens of platforms, hundreds of vendors, thousands of SmartGrid devices… Millions of them connected to Internet without any protection. But you can change the situation.
Join our SCADASOS project to make the world safer!