Core
Security in Boston, Massachusetts, has discovered a serious
vulnerability in a software package called Suitelink that is widely
used to automate the operation of power stations, oil refineries and
production lines. This could allow attackers to crash Suitelink by
sending an outsize data packet to a certain port on the computer
running the program. Suitelink's maker, Wonderware, has since issued a
software patch to plug the security gap.
Core
had only just begun examining this kind of supervisory control and data
acquisition (SCADA) program when it found the problem. This may mean
that more vulnerabilities are still hidden in software of this type.
Power plants open to hacker attack