By Lucian Constantin IDG News Service November 20, 2012
Malta-based security start-up firm ReVuln claims to be sitting on a stockpile of vulnerabilities in industrial control software, but prefers to sell the information to governments and other paying customers instead of disclosing it to the affected software vendors.
In a video released Monday, ReVuln showcased nine “zero-day” (previously unknown) vulnerabilities which, according to the company, affect SCADA (supervisory control and data acquisition) software from General Electric, Schneider Electric, Kaskad, Rockwell Automation, Eaton and Siemens. ReVuln declined to disclose the names of the affected software products.
SCADA software runs on regular computers, but is used by owners of critical infrastructure and various other types of industrial facilities to monitor and control industrial processes.
According to ReVuln, the vulnerabilities it showcased Monday can allow attackers to remotely execute arbitrary code, download arbitrary files, execute arbitrary commands, open remote shells or hijack sessions on systems running the vulnerable SCADA software.