[ISN] SCADA vuln imperils critical infrastructure, feds warn

From: InfoSec News <alerts_at_private>
Date: Wed, 14 Dec 2011 03:37:50 -0600 (CST)
http://www.theregister.co.uk/2011/12/14/scada_bugs_threaten_criticial_infrastructure/

By Dan Goodin in San Francisco
The Register
14th December 2011

An electronic device used to control machinery in water plants and other 
industrial facilities contains serious weaknesses that allow attackers 
to take it over remotely, the US agency that safeguards the nation's 
critical infrastructure has warned.

Some models of the Modicon Quantum PLC used in industrial control 
systems contain multiple hidden accounts that use predetermined 
passwords to grant remote access, the Industrial Control System Cyber 
Emergency Response Team said in an advisory (PDF) issued on Tuesday. 
Palatine, Illinois–based Schneider Electric, the maker of the device, 
has produced fixes for some of the weaknesses and continues to develop 
additional mitigations.

The PLCs, or programmable logic controllers, reside at the lowest levels 
of an industrial plant, where computerized sensors meet the valves, 
turbines, or other machinery that's being controlled. The default 
passwords are hard-coded into Ethernet cards the systems use to funnel 
commands into the devices, and temperatures and other data out of them. 
The Ethernet modules also allow administrators to remotely log into the 
machinery using protocols such as telnet, FTP, and something called the 
Windriver Debug port.

According to a blog post published on Monday by independent security 
researcher Rubén Santamarta, the NOE 100 and NOE 771 modules contain at 
least 14 hard-coded passwords, some of which are published in support 
manuals. Even in cases where the passcodes are obscured using 
cryptographic hashes, they are trivial to recover thanks to documented 
weaknesses in the underlying VxWorks operating system. As a result, 
attackers can exploit the weakness to log into devices and gain 
privileged access to their controls.

[...]


Received on Wed Dec 14 2011 - 01:37:50 PST
