Turning a SCADA Vulnerability into a Successful Attack
On March 21, 2011, Italian security researcher Luigi Auriemma disclosed 34 vulnerabilities spanning four difference industrial control systems. These disclosures exploited vulnerabilities within various core control system applications and services, making these susceptible to not only denial of service attacks, but also the ability to remotely execute code on this susceptible systems.
This video takes a look at the Interactive Graphical SCADA System (IGSS) developed by 7 Technologies from Denmark, and how the published "Proof of Concept (PoC)" code/data packets can be leveraged to building and executing your own malicious code. The end result is a complete compromise or "pwning" of the control system!
SCADAhacker has also developed a companion demonstration video that takes a look at some of the security controls that can be used to protect control systems from zero-day vulnerabilities like those disclosed by Luigi Auriemma. This video can be viewed by clicking here.