Sydney, Australia [September 9, 2008] – Citect has been made aware of the publication of code that could be used to exploit a vulnerability that could cause a potential security breach if deliberately executed against a CitectSCADA system. This code targets a vulnerability in Citect Windows-based control systems for which a patch was released in June 2008.
Since the original publication of this vulnerability by Core Security Technologies, Citect has been working with its customers to encourage, and help them, to apply the patch. To date, no customers have reported security breaches.
While all customers should be applying reasonable network security measures, Citect encourages customers not running the patch to contact Citect support or visit the company’s website and update their systems accordingly.
In the 21 year period over which Citect has been designing SCADA software, Citect has consistently recommended to its customers that they follow industry best practices in the development and implementation of control systems. In relation to security measures, Citect’s position on SCADA and process control network security has remained unchanged – SCADA systems, like any business systems, must be protected from unauthorized access. They must be secured by robust protection including firewalls, intrusion detection systems and VPNs.
In addition to revised internal security handling processes, Citect remains committed to working closely with security agencies, customers and partners to ensure its software meets their security guidelines. Revised measures underway include, but are not limited to, an independent code audit, the provision of customer site review capabilities, a new security and safety knowledgebase and RSS feed.
In addition, Citect will soon release a new version of CitectSCADA that applies further enhanced security measures to the software as part of the company’s continued commitment to SCADA security.
“SCADA systems were originally designed and implemented before cyber security became the issue it is today, and so some SCADA systems are vulnerable when connected to the Internet,” says Christopher Crowe, Citect’s global CEO.
“Citect is continuously striving to improve the security of its software and meet best-practice guidelines through the implementation of robust development and testing procedures.”
For further information on this or any related security issue, please visit Citect’s website or contact a local Citect representative.
Threat to SCADA Systems Growing
A security researcher has released easy-to-use attack code that targets industrial SCADA systems.
» View Article
Security Update from Citect
Sydney, Australia [September 9, 2008] – Citect has been made aware of the publication of code that could be used to exploit a vulnerability that could cause a potential security breach if deliberately executed against a CitectSCADA system. This code targets a vulnerability in Citect Windows-based control systems for which a patch was released in June 2008.
Since the original publication of this vulnerability by Core Security Technologies, Citect has been working with its customers to encourage, and help them, to apply the patch. To date, no customers have reported security breaches.
While all customers should be applying reasonable network security measures, Citect encourages customers not running the patch to contact Citect support or visit the company’s website and update their systems accordingly.
In the 21 year period over which Citect has been designing SCADA software, Citect has consistently recommended to its customers that they follow industry best practices in the development and implementation of control systems. In relation to security measures, Citect’s position on SCADA and process control network security has remained unchanged – SCADA systems, like any business systems, must be protected from unauthorized access. They must be secured by robust protection including firewalls, intrusion detection systems and VPNs.
In addition to revised internal security handling processes, Citect remains committed to working closely with security agencies, customers and partners to ensure its software meets their security guidelines. Revised measures underway include, but are not limited to, an independent code audit, the provision of customer site review capabilities, a new security and safety knowledgebase and RSS feed.
In addition, Citect will soon release a new version of CitectSCADA that applies further enhanced security measures to the software as part of the company’s continued commitment to SCADA security.
“SCADA systems were originally designed and implemented before cyber security became the issue it is today, and so some SCADA systems are vulnerable when connected to the Internet,” says Christopher Crowe, Citect’s global CEO.
“Citect is continuously striving to improve the security of its software and meet best-practice guidelines through the implementation of robust development and testing procedures.”
For further information on this or any related security issue, please visit Citect’s website or contact a local Citect representative.
Dirty Tricks: Social Engineers' Favorite Pickup Lines
Tabletop Exercises: 3 Sample Scenarios
19 Ways to Build Physical Security Into Your Data Center
Get instant notifications when whitepapers, webcasts and case studies are added to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
» More blogs
CSO Perspectives
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
Trend Micro ranked #1 against real-world malware. Read more.
64-page prescriptive guide to security, compliance, and IT operations.
Removing Barriers To Better Server Virtualization Efficiency
Mining for Gold: Cybercrime Prevention and the Role of Log Management
The Executive Guide to Data Loss Prevention
Organizations can spend up to 50% more on compliance efforts than necessary.
White Paper: A Security Blueprint Delivered From within the Network
Read the RSA report: Security for Business Innovation
Upgrading to VMware vSphere with vWire
Explore the increasing importance of log management as cybercrime threats grow.
The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
Implementing Best Practices for Web 2.0 Security
Five Ways to Reduce Your IT Audit Burden
THE IDG NETWORK