In addition to foreign manufacturers, very long (decade or more) upgrade times, deployments in odd locations that pretty much require network access by non-net-savvy technicians, etc., SCADA also has another bug:

Neutralbit identified the vulnerability in NETxAutomation NETxEIB OPC (OLE for Process Control) Server. OPC is a Microsoft Windows standard for easily writing GUI applications for SCADA. It’s used for interconnecting process control applications running on Microsoft platforms. OPC servers are often used in control systems to consolidate field and network device information.

Neutralbit reports that the flaw is caused by improper validation of server handles, which could be exploited by an attacker with physical or remote access to the OPC interface to crash an affected application or potentially compromise a vulnerable server. Neutralbit has also recently published five vulnerabilities having to do with OPC.

— Hole Found in Protocol Handling Vital National Infrastructure, physorg.com, 25 March 2007

Neutralbit also claims this is the first remotely accessible SCADA vulnerability, which the smallest amount of googling shows is not true (I leave that as an exercise for the reader). However, they probably have found a real vulnerability. Continue reading →