SCADA security flaws get fixed after 4 months
Was checking out one of the latest advisories released by CoreLabs about Wonderware Suitelink DoS attack. This software:
“one third of the world’s plants run Wonderware software solutions. Having sold more than 500,000 software licenses in over 100,000 plants worldwide, Wonderware has customers in virtually every global industry - including Oil & Gas, Food & Beverage, Utilities, Pharmaceuticals, Electronics, Metals, Automotive and more”.
Some funny scary parts of this advisory:
- 2008-03-03: Core sends proof-of-concept code written in Python.
- 2008-03-05: Vendor asks for compiler tools required to use the PoC code.
- 2008-03-05: Core sends a link to http://www.python.org where a Python interpreter can be downloaded.
If you carry on looking at the advisory you’ll notice that the CoreLabs guys had quite a tough time on this one. Bet the tobacco and caffeine industries made quite a buck out of this as usual 