Threatpost – (International) CERT warns on critical hole in SCADA software by Italian firm Progea. The DHS issued a bulletin May 10 warning about a previously undisclosed, critical vulnerability in Movicon 11, a product used to manage critical infrastructure including the manufacturing, energy, and water sectors. The Industrial Control Systems Cyber Emergency Response Team posted an advisory that warned customers of Progea Srl that a memory corruption vulnerability in the Movicon Human Machine Interface software could allow a remote attacker to knock Movicon devices offline using a specially crafted HTTP POST request sent to the Movicon OPC server component. Progea issued a fix for the problem.
Ali Loney, on May 11, 2012