[ISN] UK critical infrastructure at risk from SCADA security flaw

http://www.v3.co.uk/v3-uk/news/2323339/uk-critical-infrastructure-at-risk-from-scada-security-flaw By Alastair Stevenson V3.co.uk 16 Jan 2014 The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has called for businesses involved in critical infrastructure to be extra vigilant as it investigates a potential critical flaw in a commonly used SCADA system. ICS-CERT issued the warning in a security advisory after security researcher Luigi Auriemma uncovered a vulnerability that left many of the world’s SCADA systems at risk. “ICS-CERT is aware of a public report of a buffer overflow vulnerability with proof-of-concept (PoC) exploit code affecting Ecava IntegraXor, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product,” said the advisory. “IntegraXor is currently used in several areas of process control in 38 countries with the largest installation based in the United Kingdom, United States, Australia, Poland, Canada, and Estonia. ICS-CERT recommends that users take defensive measures to minimise the risk of exploitation of these vulnerabilities.” […]