[ISN] World's power grids infested with (more) SCADA bugs

From: InfoSec News <alerts_at_private>
Date: Fri, 6 Feb 2009 03:30:27 -0600 (CST)
http://www.theregister.co.uk/2009/02/05/areva_scada_security_bugs/

By Dan Goodin in San Francisco
The Register
5th February 2009

Areva Inc. - a Paris-based company that serves nuclear, wind, and 
fossil-fuel power companies - is warning customers to upgrade a key 
piece of energy management software following the discovery of security 
bugs that leave it vulnerable to hijacking.

The vulnerabilities affect multiple versions of Areva's e-terrahabitat 
package, which allows operators in power plants to monitor gas and 
electric levels, adjust transmission and distribution devices, and 
automate other core functions. Areva markets itself as one of the top 
three global players in the transmission and distribution of energy.

A swarm of buffer overflow and denial-of-service bugs makes versions 
5.5, 5.6, and 5.7 of e-terrahabitat susceptible to tampering, the US 
Computer Emergency Readiness Team warns. Customers using earlier 
versions need to upgrade as well.

"An unauthenticated attacker may be able to gain access with the 
privileges of the e-terrahabitat account or an administrator account and 
execute arbitrary commands, or cause a vulnerable system to crash," 
CERT's advisory states. Users should apply the patch immediately, it 
adds.

[...]


Received on Fri Feb 06 2009 - 01:30:27 PST
