For last year, 80,000+ SmartGrid components reported by SCADASOS were disconnected from the internet.
Vulnerabilities in (at least) 4 products, such as RLE Nova-Wind Turbine HMI, Tollgrade SmartGrid Sensor Management System, IBC Solar ServeMaster, SMA Solar Technology AG Sunny WebBox reported by project contributors and fixed by vendors.
https://ics-cert.us-cert.gov/advisories/ICSA-15-181-02A
https://ics-cert.us-cert.gov/advisories/ICSA-15-265-02
https://ics-cert.us-cert.gov/advisories/ICSA-16-040-01
https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01A
Thanks for all contributors, and kudos++ to Max Rupp (https://twitter.com/mmrupp).
Join #SCADASOS!
FAQ
Q: WTF SACADSOS?
A: SCADASOS - (in)Secure Open SmartGrids is a open initiative to rise awareness on insecurities of SmartGrid, Photovoltaic Power Stations and Wind Farms.
Q: How to participate
A: Find Internet-connected PV/Wind/Other power palnts/invertors and notify vendors/CERTs/community. Use #scadasos tag in twitter.
Q: Wow! It simple! Can I hack it?
A: No. It can be a hospital or your grandma’s cottage. Please use passive approach (firmware analysis, testbeds etc.)
Q: I get an 0day!
A: Please submit it to vendor and/or regional CERT
Q: What will I get?
A: Fame/kudos at SCADA StrangeLove talks/knowledge/safe world.
Enjoy!
No comments:
Post a Comment