Roland Koch and students at the University of Applied Sciences in Augsburg, Germany have released a PROFINET fuzzer called ProFuzz. While not a top 3 protocol in the US, PROFINET is the most widely used ICS protocol in Europe, particularly in the manufacturing sector....
The Shamoon investigation by Saudi Aramco, aided by the government’s Ministry of Interior, stated “The aim was to stop pumping oil and gas to domestic and international markets”. An article in Al Arabiya goes on to say “The state-owned group which runs all...
ICS-CERT issued an Advisory on Friday titled Rockwell Allen-Bradley MicroLogix, SLC-500, and PLC-5 Fault Generation Vulnerability. This is just a distraction from the PLC insecure by design issue. The impact of this vulnerability is denial of service. You don’t...
GE announced the long awaited successor to the decrepit and insecure D20 — the D20MX. This time it appears to be real as some asset owners are expecting demo/trial shipments in a matter of weeks. From the site, “Built-in cyber security features such as...
Slow week in the SCADA security world. Siemens announced some new security controls for the S7-1500 line of PLCs. The most interesting feature –“Access protection addresses the problem of protecting the application against unauthorized configuration...
Last week, Dale had difficult conversations regarding cyber security with two vendors. Apparently, that was the week for vendor interactions, as I had one too. My interaction was with a control system component vendor, attempting to explain the premise of my upcoming...
I’m putting together an intro for an ioActive webinar on CoDeSys with Reid, which will have some good technical information and discussion on the effectiveness of suggested compensating controls. And I’m trying to find some way to point out the complete...
The Unsolicited Response Podcast occurs whenever events warrant. Late last week I recorded an interview with Bob Radvanovsky who is the owner of SCADASEC and one of the leaders of Project Shodan Intelligence Extraction (Project Shine). Project Shine has found over...
Register Now for S4 2013 – Awesome Research This Year NextGov reports the US National Highway Safety Traffic Safety Administration plans to “‘conduct rule-making ready research to establish electronic requirements for vehicle control...
Keep track of the latest S4 updates on our S4 site. We have two great new additions to the S4 2013 agenda. Both happen to involve the Siemens WinCC / S7 product family. Loyal blog readers have probably heard recently of Positive Technologies whitepaper SCADA Safety in...
