Sign in / up

back to article Yokogawa patches widespread SCADA vulnerability

One of the world's major suppliers of industrial networking kit, Japanese company Yokogawa, has alerted the world to a vulnerability in 21 of its products. The ICS-CERT advisory, here, identifies the company's CENTUM, ProSafe-RS, STARDOM, FAST/TOOLS and other systems as being at risk. The vulns are “stack-based buffer …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Voland's right hand Silver badge

    The 1990-es called

    The 1990-es called, the "how to write network software" class is still opened. First lesson homework is reading Aleph One's paper "Smashing the Stack for Fun and Profit" published on the 11th of August 1996.

    Yeah, I know, the idea of bounds checking and sanitizing inputs is wasted on people writing embedded industrial software.

    The really scary bit is that the same "geniuses" are writing smart meters and smart metering systems and that is being forced upon us by government decrees across the globe.

    1 1 Reply
    1. Archie Woodnuts
      Reply Icon

      Re: The 1990-es called

      Black helicopters, black helicopters everywhere.

      0 0 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: The 1990-es called

      Yeah, I know, the idea of bounds checking and sanitizing inputs is wasted on people writing embedded industrial software.

      Well, yes, but with seriously scary consequences. One of the PLCs in use in many an oil platform was vulnerable to an attack of a SINGLE malcrafted packet. Yes, one. The result was that it would fail in a random state (you couldn't predict if it would fail open or closed) and worse, this wasn't the sort of failure you could reset or power cycle, you had to rewrite the firmware to get it to work again.

      I guess those people now work for Fiat Chrysler...

      0 0 Reply
  2. vitorjesus

    the airgap myth

    "Industrial systems that are properly isolated from the Internet aren't at risk, the company says."

    This is a (negatively) surprising statement coming from Yokogawa which is senior player in the field. If the ICS is not reachable from the public Internet it sure helps contain remote exploitation but will not do anything against (for example) a compromised machine that gets inside.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like