January 19, 2012
Tenable’s SCADA Plugins Check for Digital Bond’s New Basecamp PLC Vulnerabilities with Zero Network Impact
Digital Bond and Tenable Network Security announced today at the S4 Conference the release of new SCADA plugins for both Tenable’s Nessus® and Passive Vulnerability Scanner® (PVS). These plugins identify insecure PLC configurations that would allow an attacker to take control of critical infrastructure such as the electric grid, an oil pipeline, a chemical manufacturing plant or a water treatment plant.
Tenable’s Passive Vulnerability Scanner plugins allow a control system network to be monitored continuously without any interaction with or impact on the network. The PVS not only identifies these PLC vulnerabilities, it also discovers a wide variety of systems that speak common SCADA protocols such as ICCP, MODBUS and DNP3.
There are seven new Tenable SCADA plugins for the GE D20, Schneider Modicon Quantum and SEL 2032 SCADA PLCs or controllers. These are the devices that communicate with sensors and actuators and tell valves to open or breakers to trip, or otherwise control some form of physical process. An attacker who gains control of a PLC can implement a blunt attack that could stop the physical process, or a more sophisticated attack that would give the hacker more control over the physical process, posing a more significant threat.
The seven new SCADA plugins are:
- GE D20 Default Telnet
- GE D20 TFTP Sensitive Data
- Modicon Quantum Default FTP
- Modicon Quantum Default HTTP
- Modicon Quantum Default Telnet
- Modicon Quantum TFTP Enabled
- SEL 2032 Default Telnet
Dale Peterson, founder of Digital Bond, said, “We felt it was important to provide tools that critical infrastructure owners can use to determine if their PLCs are at risk. These plugins identify some of the most critical configuration errors we found in Project Basecamp — a project designed to assess the security of a set of popular industrial control system (ICS) field devices with an Ethernet interface for a common set of vulnerabilities. We plan to continue to provide Tenable Network Security with additional PLC security checks from Basecamp.”
“Tenable’s products, including Nessus and the Passive Vulnerability Scanner, are designed to go beyond vulnerability scanning for workstations and servers, with functionality that assesses and monitors these special-purpose PLCs in real time, delivering a full-featured ICS platform,” said Ron Gula, CEO and CTO of Tenable Network Security. “We’re working closely with many organizations that manage critical infrastructure to help safeguard their systems from external intrusion that could wreak havoc and present a threat to public safety.”
Project Basecamp and the resulting tools were presented at Digital Bond’s S4 Conference in Miami Beach, Florida, with a team of six researchers assessing the security of six PLCs widely used in critical infrastructure, in front of an audience of leading SCADA security researchers from around the world.