
![]() |
Charlotte Stonestreet
Managing Editor |
Home> | IIot & Smart Technology | >Cyber Security | >Security flaws found in power grid systems |
Security flaws found in power grid systems
16 August 2018
Schweitzer Engineering Laboratories invents, designs, and builds digital products and systems that protect power grids around the world. This technology prevents blackouts and enables customers to improve power system reliability and safety at a reduced cost.
Applied Risk is an established leader in Industrial Control Systems security that helps to protect assets and reduce security risk. Researcher Gjoko Krstic has identified vulnerabilities in the Schweitzer Engineering Laboratories Compass version 3.0.5.1 and Schweitzer Engineering Laboratories Acselerator Architect version 2.2.24.0.
For Acselerator, an unauthenticated user can craft a malicious project and/or template file that will enable them to read arbitrary files within the context of an affected system, allowing disclosure of valuable information via out of band channels. It can also cause a denial of service scenario requiring an application restart, by running a malicious FTP server.
SEL Compass suffers from a vulnerability related to elevation of privileges, which can be used by an authenticated user that can change the executable file and further infect the affected system.
Applied Risk has worked alongside the manufacturer in the responsible disclosure process, and the fix has now been issued. For end users, updating the product firmware to the latest version the manufacturer has provided will fix this vulnerability.
- Norsk Hydro hit by cyber attack
- New digital skills grow North West manufacturing
- Inteq becomes new name for Invar Group
- CDA & Siemens team up for Industry 4.0 seminar
- Human resolution tactile sensor
- The future for pharma
- Automated battery-discharging plant
- ARE YOU READY FOR…THE INTERNET OF THINGS?
- Overcoming counterfeits
- Hyundai & Kia debut VR design evaluation system
- Protect your ICS from cyber-attacks
- Secure data handling
- Cyber security wake-up call
- Serial-to-Ethernet server
- How secure is your ERP system?
- Malware targets industrial safety systems
- Protects controllers from manipulation
- Cyber inventory solution
- Network rental scheme
- Industrial IT security expertise confirmed