Current Security Vulnerabilities in Control Systems
Here is a list 1 of (currently known) control system security vulnerabilities from 2007- present 2.
AREVA e-terrahabitat SCADA systems vulnerabilities
February 2009
GE Fanuc Proficy HMI/SCADA iFIX uses insecure authentication techniques
February 2009
GoAhead Webserver Information Disclosure Vulnerability
February 2009
Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge URL Redirection Vulnerability
February 2009
Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Cross-site Scripting Vulnerability
February 2009
Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability
January 2009
ABB PCU400 vulnerable to buffer overflow
September 2008
Citect CitectSCADA buffer overflow
June 2008
Wonderware SuiteLink null pointer dereference
May 2008
GE Fanuc CIMPLICITY HMI heap buffer overflow
January 2008
GE Fanuc Proficy Information Portal allows arbitrary file upload and execution
January 2008
GE Fanuc Proficy Information Portal transmits authentication credentials in plain text
January 2008
Gesytec Easylon OPC Server fails to properly validate OPC server handles
December 2007
Invensys Wonderware InTouch creates insecure NetDDE share
November 2007
LiveData Server fails to properly handle Connection-Oriented Transport Protocol packets
May 2007
LiveData Protocol Server fails to properly handle requests for WSDL files
May 2007
Takebishi Electric DeviceXPlorer OPC Server fails to properly validate OPC server handles
March 2007
NETxAutomation NETxEIB OPC Server fails to properly validate OPC server handles
March 2007
ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow
January 2007
SISCO OSI Stack fails to properly handle malformed packets
January 2007
