SCADA Security

SCADA systems are critical, proprietary command-and-control applications with which the security community is largely unfamiliar. Very few vulnerabilities have been found in these systems because access to them is limited, and very few exploits or security flaws have been published, since the skills required to attack proprietary systems are rare. In addition, very few operational SCADA systems have been tested, because these critical systems require in-depth knowledge of the operational environment in order to avoid physical harm. C4 Security develops Fides, a comprehensive system that elevates the reliability, safety and security of control systems. C4 Security also provides SCADA penetration tests, which draw on our extensive experience in conducting these activities safely.

Whitepapers:


Smart Grid Security Whitepaper
The Dark Side of the Smart Grid - Smart Meters (in)Security

SCADA Security Scientific Symposium (S4) Whitepaper
Control System Attack Vectors and Examples: Field Site and Corporate Network

SyScan08 Presentation
SCADA Security - Generic Electric Grid Malware Design

Homeland Security
Services for the SCADA/Military market


Publicly Disclosed Vulnerabilities


Rockwell Automation (Allen Bradley) Multiple Vulnerabilities
Multiple vulnerabilities allow an attacker to gain full control over any MicroLogix 1100 and 1400 RTU.

OSISoft PI Server Vulnerability
A vulnerability in the authentication process of PI Server allows an attacker to compromise the login credentials for the server.

AREVA e-terrahabitat Multiple Vulnerabilities
Multiple vulnerabilities that may lead to denial of service of the SCADA system or to unauthorized access were found in AREVA e-terrahabitat.

ABB PCU400 Vulnerability
A buffer overflow that allows an attacker to compromise the ABB PCU400 FEP (communication server) was identified, and an exploit was successfully implemented.

GE Fanuc Cimplicity Vulnerability
A heap overflow that allows an attacker to compromise the control center server and operator workstations was identified, and an exploit was successfully implemented.

Proficy Information Portal Vulnerability
An application-level vulnerability allows an attacker to upload and execute code on GE Fanuc's reporting server, which commonly connects the control and corporate networks.