Security flaws in critical infrastructure software could have meant disaster

Network security firm Tenable said on Wednesday that researchers have discovered two security holes in software programs used to control production sites, power plants, water systems, and solar facilities. Tenable chief product officer David Cole said that these vulnerabilities would allow potential hackers full access to industrial control and remotely allow them to shut down critical infrastructure facilities in the worst case.

These flaws also opened up a door for attackers to move around the entire network, not only smashing the infected machine but also hacking every device connected to the infected machine.

These security flaws exist in the two software programs of Schneider Electric in France. The company develops digital tools for critical infrastructure. According to its investor relations, the company’s software is very popular in China, Australia, the United States and Western Europe. Schneider Electric issued a patch for these issues on April 6 and urged plant managers to update their systems. The company thinks this issue is a serious flaw.

Considering that these effects can lead to power outages and potential life and death scenarios, because hospitals and cities rely more on technology, hacking attacks on critical infrastructure carry more weight than typical cyber attacks. In March this year, the U.S. Department of Homeland Security and the Federal Bureau of Investigation issued a warning that since March 2016, Russian hackers have been trying to hijack U.S. power grids with the goal of energy, water, nuclear power and manufacturing companies.

Source: CNET