US-Cert warns of SQL holes in Scada control systems


The US Cyber Emergency Readiness Team (US-Cert) has issued a warning that industrial control systems widely used in the UK and US are at risk from SQL Injection attacks.

Independent security researcher Dan Rosenberg, who works with Virtual Security Research (VSR), has discovered an unauthenticated Structured Query Language (SQL) injection vulnerability in the Ecava IntegraXor human machine interface (HMI) product that could allow data leakage, data manipulation and remote code execution against the back-end host running the database service, Cert said.

IntegraXor is deployed in several areas of process control in 38 countries around the world, with the largest installed bases in the United Kingdom, United States, Australia, Poland, Canada and Estonia. The vulnerability affects all IntegraXor versions prior to Version 3.60 (Build 4032).

The Industrial Control Systems Cyber Emergency Response Team (ICS-Cert) advises users to locate control system networks and remote devices behind firewalls and isolate them from the business network. If remote access is required, secure methods such as virtual private networks (VPNs) should be used.

In a blog post, IntegraXor said: "Earlier we announced that the SQL vulnerability issue has been resolved by adding read/write security control onto database configuration, however the security researcher Dan Rosenberg from VSR claimed that the vulnerability is not fully patched. We were forced to put this issue aside as we have put on hold too many other features requested earlier, and then when we returned to merge the production line with security fix, we were dragged by some crash issues for this fix and worse still bumped into unnecessary problems due to breaking change in ADO update KB983246 (included in Windows 7 Service Pack 1)."

On his website, another security researcher, Luigi Auriemma, has identified several issues with Siemens Tecnomatix FactoryLink, IGSS (Interactive Graphical Scada System) and Iconics GENESIS32 Scada-based systems.

As Computer Weekly has previously reported, StuxNet-style attacks that target Scada control systems are likely to become more frequent this year.


