Kazio Networks » Presentations

Kazio Networks » Presentations http://www.kazionetworks.com Industrial Ethernet Network Services & Consulting Thu, 10 Jun 2010 21:07:29 +0000 http://wordpress.org/?v=2.9.1 en hourly 1 Current Security Vulnerabilities in Control Systems http://www.kazionetworks.com/current-known-security-vulnerabilities-in-control-system-applications-devices/ http://www.kazionetworks.com/current-known-security-vulnerabilities-in-control-system-applications-devices/#comments Fri, 20 Feb 2009 20:49:36 +0000 Melvin Foo http://www.kazionetworks.com/?p=853 Here is a list ¹ of (currently known) control system security vulnerabilities from 2007- present ².

AREVA e-terrahabitat SCADA systems vulnerabilities
February 2009

GE Fanuc Proficy HMI/SCADA iFIX uses insecure authentication techniques
February 2009

GoAhead Webserver Information Disclosure Vulnerability
February 2009

Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge URL Redirection Vulnerability
February 2009

Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Cross-site Scripting Vulnerability
February 2009

Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability
January 2009

ABB PCU400 vulnerable to buffer overflow
September 2008

Citect CitectSCADA buffer overflow
June 2008

Wonderware SuiteLink null pointer dereference
May 2008

GE Fanuc CIMPLICITY HMI heap buffer overflow
January 2008

GE Fanuc Proficy Information Portal allows arbitrary file upload and execution
January 2008

GE Fanuc Proficy Information Portal transmits authentication credentials in plain text
January 2008

Gesytec Easylon OPC Server fails to properly validate OPC server handles
December 2007

Invensys Wonderware InTouch creates insecure NetDDE share
November 2007

LiveData Server fails to properly handle Connection-Oriented Transport Protocol packets
May 2007

LiveData Protocol Server fails to properly handle requests for WSDL files
May 2007

Takebishi Electric DeviceXPlorer OPC Server fails to properly validate OPC server handles
March 2007

NETxAutomation NETxEIB OPC Server fails to properly validate OPC server handles
March 2007

ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow
January 2007

SISCO OSI Stack fails to properly handle malformed packets

January 2007

This is an ongoing list that will be updated periodically. ↩
Referenced from United States Computer Emergency Readiness Team (US-Cert) ↩

]]> http://www.kazionetworks.com/current-known-security-vulnerabilities-in-control-system-applications-devices/feed/ 0