For Sale SCADA software vulnerabilities


During the I Cybersecurity Forum that was held this week in Madrid, spoke specifically of the cybersecurity industry and the existence of "an interesting market for vulnerabilities" for this market, where the SCADA software is one of the most used . And ReVuln announcement only confirms what I said on Tuesday Samuel Linares, Director of Intermark Serviced Cibersecurity technolgies.

ReVuln security is a startup based in Malta that claims to have a long list of vulnerabilities related to industrial control software and prefers to sell that information to governments and other customers who are willing to pay for them rather than communicate them to vendors affected software.

The company not only ensures it is that has posted a three-minute video on Vimeo for those who doubt his words. The video shows nine-zero-day vulnerabilities have now ceased to be, that as SCADA systems ReVuln affect General Electric, Schneider Electric, Kaskad, Rockwell Automation, Siemens and Eaton.

The SCADA software runs on normal computers, but is used in critical infrastructure and other industrial plants to monitor and control industrial processes.

ReVuln ensures shown vulnerabilities allow attackers to perform remote execution of code, download files, execute commands, open pumps remotely or hijack sessions on systems running vulnerable SCADA software.

From the security firm explained that most of these products are designed to allow remote administration via the Internet and are often exposed by insecure configurations.

Along with the French company, Vupen, dedicated to finding vulnerabilities, ReVuln is of the few companies that sells vulnerability information to government agencies and other private clients, avoiding their research report to affected software vendors to prevent them solve . There is a new business is something that private investigators have been doing for many years, but usually discrete and sales agreements

No comments:

Post a Comment