Italian researcher Luigi Auriemma has released at least a dozen advisories pertaining to SCADA vulnerabilities. SCADA (supervisory control and data acquisition) systems are widely used in factories and industrial control systems to control physical systems. According to Dark Reading, affected products include those from Cogent, DAQFactory, Progea, Carel, and Rockwell.

This is not the first time that Auriemma has released information about new SCADA vulnerabilities; he published 34 zero-day vulnerabilities in March this year.

Opinion varies as to how serious SCADA vulnerabilities could be in real life, though it is tempting to offer gloom-and-doom predictions of hackers gaining control of power plants or refineries to create large-scale anarchy. SCADA vendors, however, have been fond of pointing out that its systems run within controlled environments not normally accessible to hackers.

Yet there is little doubt that Stuxnet, probably the most sophisticated malware to date, successfully infected systems completely disconnected from the Internet, to inflict, by some accounts, a non-trivial amount of damage to Iran's nuclear facilities.

What is clear is that much of the software produced by SCADA vendors is not written with adequate security in mind. And a false sense of security exists as a result of the typical cloistered SCADA environment. Indeed, John Sawyer of Dark Reading was able to find at least 290 vulnerable SCADA systems directly connected to the Internet via search engines.

And if Stuxnet is any indication, disconnecting systems from the Internet will not be enough against a sufficiently determined hacker.

For more:
- check out this article at Dark Reading
- check out this article at CNET News

Related Articles:
Hackers can unlock electronic prison doors
SCADA hack talk canceled on request by DHS, Siemens
The deciphering of Stuxnet and what it means for corporations
Pure cyberwar not going to happen, says report