Security researcher Luigi Auriemma again discloses publicly numerous vulnerabilities targeting multiple SCADA/ICS systems

On September 13, 2011, Italian Security Research Luigi Auriemma (web site) disclosed a laundry list of vulnerabilities that target six (6) different Industrial Control Systems, including United States market leader Rockwell Automation.

The vulnerabilities include:

• Beckhoff TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability
• Rockwell RSLogix Overflow Vulnerability
• Measuresoft ScadaPro Multiple Vulnerabilities
• Cogent DataHub Multiple Vulnerabilities
• AzeoTech DAQFacstory Stack Overflow
• Progea Movicon Multiple Vulnerabilities

All of the disclosed vulnerabilities were accompanied with proof-of-concept (PoC) code which can be used to exploit the vulnerabilities. These vulnerabilities range from denial of service (Dos), to information disclosure, to complete remote code execution.

SCADAhacker.com has launched a new section of the webpage that will be used to post and track key information relating to vulnerabilities relating to automation and control systems. The purpose of these pages is to provide a quick set of related links which can be used to further research and explore these vulnerabilities that target the systems controlling not only our critical infrastructure, but a large portion of the manufacturing base in use today.

I encourage you to take a look at the site, and offer any suggestions via email.