A Valentine’s Day present for SCADA companies: new exploit tools

There’s good news for people who love bad news about the security of industrial control systems. At the SCADA Security Scientific Symposium (S4) in Miami Beach in January, there were a host of new security vulnerabilities unearthed in popular programmable logic controllers (PLCs) and Supervisory Control and Data Acquisition (SCADA) systems, the devices and software that are used to control all manner of critical infrastructure and industrial plants. And now, one researcher is preparing a tool to demonstrate the vulnerability of another manufacturer’s systems–just in time for Valentine’s Day.
SCADA platforms such as those from Siemens have been the subject of concerns of Homeland Security officials and others in government and industry, even before the Stuxnet worm’s impact on Iran’s nuclear program demonstrated that vulnerabilities in them could be used to cause real physical damage as part of a “cyber war.” But many vendors have failed to improve the security of their SCADA product