Security hole found in software used by power plants

New Scientist reports that security firm has found serious security vulnerability in software used to automate power stations, oil refineries, and production lines.

We can all live with outages at Yahoo Mail, Twitter, and CNN.com. But what about when there's an outage that affects our electrical power, heating systems, and gas supplies?

Boston-based security firm Core Security has discovered a serious hole in the Suitelink software that is used to automate operations at power stations, oil refineries and production lines, according to a report in New Scientist.

Attackers exploiting the vulnerability could crash the software by transmitting an outsize packet data to a certain port on the computer running Suitelink, the article says.

Fortunately, Wonderware, the company that makes Suitelink, has issued a software patch for the vulnerability. Now it's up to the plants to update their software.

Even without finding security holes in the SCADA control software, it's possible to break into power plants by downloading malware to employee computers through a socially engineered e-mail that directs them to a malicious server, a security expert said at RSA 2008 .

About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

 

Discuss Security hole found in software used by power...

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Articles from CNET
Fashion forward: Yahoo acquires social-shopping site Polyvore