http://www.theregister.co.uk/2009/02/05/areva_scada_security_bugs/ By Dan Goodin in San Francisco The Register 5th February 2009 Areva Inc. - a Paris-based company that serves nuclear, wind, and fossil-fuel power companies - is warning customers to upgrade a key piece of energy management software following the discovery of security bugs that leaves it vulnerable to hijacking. The vulnerabilities affect multiple versions of Areva's e-terrahabitat package, which allows operators in power plants to monitor gas and electric levels, adjust transmission and distribution devices, and automate other core functions. Areva markets itself as one of the top three global players in the transmission and distribution of energy. A swarm of buffer overflow and denial-of-service bugs makes versions 5.5, 5.6, and 5.7 of e-terrahabitat susceptible to tampering, the US Computer Emergency Readiness Team warns here. Customers using earlier versions need to upgrade as well. "An unauthenticated attacker may be able to gain access with the privileges of the e-terrahabitat account or an administrator account and execute arbitrary commands, or cause a vulnerable system to crash," CERT's advisory states. Users should apply the patch immediately, it adds. [...] _______________________________________________ Best Selling Security Books & More! http://www.shopinfosecnews.org/Received on Fri Feb 06 2009 - 01:30:27 PST
This archive was generated by hypermail 2.2.0 : Fri Feb 06 2009 - 01:50:57 PST