31C3: Too Smart Grid in da Cloud ++

This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology.  Our latest research was devoted to the analysis of the architecture and implementation of the most wide spread platforms for wind and solar energy generation which produce many gigawatts of it. It may seem (not) surprising but the systems which manage huge turbine towers and household PhotoVoltaic plants are not only connected to the internet but also prone to many well known vulnerabilities and low-hanging 0-days. Even if these systems cannot be found via Shodan, fancy cloud technologies leave no chances for security.

SOS! Secure Open SmartGrids!

Dear all,

After our 31C3 Too SmartGrid in da Cloud talk we get many questions about Solar and Wind plants vulnerabilities, Internet connected SmartGrid devices. Guys, sorry, but we don’t know yet.

There are dozens of platforms, hundreds of vendors, thousands of SmartGrid devices… Millions of them connected to Internet without any protection. But you can change the situation.

Join our SCADASOS project to make the world safer!

Well, Honeywell

New knowledge about Honeywell Experion Process Knowledge System. Yes, you must patch it.
Yes, it's all about grep +1 SSRF.

Thanks to Alexander Tlyapov, Gleb Gritsai, Kirill Nesterov, Artem Chaykin and Ilya Karpov

Honeywell advisory/patch:
https://www.honeywellprocess.com/library/support/Public/Documents/ExperionPKS.R311.Server.Patch282.PAR1-2VNCSKZ_SCN.pdf

Sorry for the delay. It can wait.