Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Digital Bond and Tenable Network Security Collaborate on Continuous Critical Infrastructure Protection

January 19, 2012

Columbia, MD

Tenable’s SCADA Plugins Check for Digital Bond’s New Basecamp PLC Vulnerabilities with Zero Network Impact

Digital Bond and Tenable Network Security announced today at the S4 Conference the release of new SCADA plugins for both Tenable’s Nessus® and Passive Vulnerability Scanner® (PVS). These plugins will identify insecure PLC configurations that would allow an attacker to take control of a critical infrastructure such as the electric grid, an oil pipeline, a chemical manufacturing plant or water treatment plant.

Tenable’s Passive Vulnerability Scanner plugins allow a control system network to be monitored continuously without any interaction or impact to the network. The PVS not only identifies these PLC vulnerabilities, it also discovers a wide variety of systems which speak common SCADA protocols such as ICCP, MODBUS and DNP3.  

There are seven new Tenable SCADA plugins for the GE D20, Schneider Modicon Quantum and SEL 2032 SCADA PLCs or controllers. These are the devices that communicate with sensors and actuators and tell valves to open, breakers to trip or control some form of a physical process. An attacker who is able to gain control of a PLC can implement a blunt attack that could stop the physical process or a more sophisticated attack that would give the hacker more control over the physical process — posing a more significant threat.

The seven new SCADA plugins are:

  • GE D20 Default Telnet
  • GE D20 TFTP Sensitive Data
  • Modicon Quantum Default FTP
  • Modicon Quantum Default HTTP
  • Modicon Quantum Default Telnet
  • Modicon Quantum TFTP Enabled
  • SEL 2032 Default Telnet

Dale Peterson, founder of Digital Bond, said, “We felt it was important to provide tools that critical infrastructure owners can use to determine if their PLCs are at risk. These plugins identify some of the most critical configuration errors we found in Project Basecamp — a project designed to assess the security of a set of popular industrial control system (ICS) field devices with an Ethernet interface for a common set of vulnerabilities. We plan to continue to provide Tenable Network Security with additional PLC security checks from Basecamp.”

“Tenable’s products including Nessus, and the Passive Vulnerability Scanner are designed to go beyond vulnerability scanning for workstations and servers, with functionality that assesses and monitors these special purpose PLCs in real time, — delivering a full featured ICS platform,” said Ron Gula, CEO and CTO of Tenable Network Security. “We’re working closely with many organizations that manage critical infrastructure to help safeguard their systems from external intrusion that could wreak havoc and present a threat to public safety.”

Project Basecamp and the resulting tools were presented at Digital Bond’s S4 Conference in Miami Beach Florida with a team of six researchers assessing the security of six widely used PLC’s in the critical infrastructure in front of an audience of leading SCADA security researchers from around the world.

About Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver Tenable.io®, the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include 53 percent of the Fortune 500, 29 percent of the Global 2000 and large government agencies. Learn more at tenable.com.

Contact Information:

Cayla Baker
[email protected]
(443) 539-6476

Stay up to date!

Subscribe to our email alerts for new press releases.

Subscribe for press release updates

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.