Tuesday, August 4, 2015

A Few Facts on IEC61850 in China

A Few Facts on IEC61850-based Substation Integration & Automation in China by Mr Jim Y Cai, Dr Gao Xiang and Dr. Jun Zha:
- In 2013, 10 000 substations from 35KV to 10000KV with 100% 61850 based IEDs are in operation
- By the end of 2013, there are 893 fully digital substations with process bus are in operation

See you there http://xcon.xfocus.org/

Monday, July 20, 2015

Bootkit via SMS (updated)

Updated slides of Bootkit via SMS research as presented at HITB by Timur Yunusov
and Kirill Nesterov.
New stuff: user tracking, "infection" statistics, suddenly vxWorks.


Monday, May 18, 2015

Friends don't let friends put SCADA on the Internet

New analytic research on ICS components vulnerabilities.

146 137 are online, (at least) 15000 can be hacked by script-kiddie.

Pictures below


Tuesday, May 5, 2015

More news from nowhere

Fixes for Inductive Automation Ignition 7.7.2. Bugs by Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai. Simple bugs, simple list.
CVE-2015-0976
CVE-2015-0991
CVE-2015-0992
CVE-2015-0993
CVE-2015-0994
CVE-2015-0995

Now or never. CIA vs Schneider Electric

Few bugs in InduSoft Web Studio and InTouch Machine Edition 2014 recently fixed by Schneider Electric were discovered during PHDays Critical Infrastructure Attack challenge. Kudos @alisaesage. For bless you.

Absolutely old-school-community-drive-responsible-disclosure in action. Many emotions left behind..

Enjoy

Tuesday, February 17, 2015

Monday, February 16, 2015

Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes

New vulnerabilities from out team and new patches from Siemens

CVE-2015-1358 and CVE-2014-4686 are all abut VNC code reuse.

CVE-2015-1355 and CVE-2015-1356 we can’t name vulnerabilities. Local weaknesses, defects in security feature implementations… But it fixed, thanks Siemens.