via Zack Whittaker timely reportage for ZDNet’s Zero Day group, his work provides insight to the tangled-web-we-weave in the ICS/SCADA world. This time – the ramifications of a particularly-pesky security flaw in a Schneider product (amongst thousands of other known bugs in hundreds of other software packages coupled with poor software management practices in the industrial control systems sector combine to make a very poor nap at the control boards, indeed. Just ask Homer! Today’s Critical Must Read Choice.
“It’s the latest vulnerability that risks an attack to the core of any major plant’s operations at a time when these systems have become a greater target in recent years. The report follows a recent warning, issued by the FBI and Homeland Security, from Russian hackers. The affected Schneider software, InduSoft Web Studio and InTouch Machine Edition, acts as middleware between industrial devices and their human operators. It’s used to automate the various moving parts of a power plant or manufacturing unit, by keeping tabs on data collection sensors and control systems. ” – via Zack Whittaker writing for ZDNet’s Zero Day
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.zdnet.com/article/critical-security-flaw-schneider-industrial-software-power-plants-vulnerabilty/