We decided to move up the release of Adam Crain / Chris Sistrunk S4x14 video because DISTRIBUTECH is next week in San Antonio. This is a big electric sector event and the DNP3 Technical Committee meets in conjunction with this event.

The story of vulns in the DNP3 master protocol stack came out to the general public in October with articles in Wired and the NY Times. Even with that publicity I believe the impact of this set of vulnerabilities is understated. The ability of an attacker at an unmanned outstation to take down one or more DNP3 master and take away visibility and control of potentially an entire SCADA system is very serious.

Also the fact that they could send fuzzed responses back over serial connections is not unexpected, but has not been demonstrated to this degree. Think a bit about what this means to logic of CIP-002.

In one hour video, Chris and Adam go into detail about how they created the fuzzed packets including some specific examples. They also go into the vendor responses and path forward.