The SCADA vulnerabilities in the Honeywell i30-SPC (now owned by Nordomatic AB), along with a number of other control and monitoring systems, were originally discovered by our CSO Martin Jartelius and Security Director John Stock, and reported to the authorities back in Spring 2015. Remote attackers could exploit the web-based SCADA flaw to easily obtain administrative access to the property management system over the internet, allowing them to take control of heating, ventilation and fire alarms and to open doors remotely through a web browser, at properties ranging from residences to shopping malls.
The manufacturer, Honeywell, released a patch for the flaw a month after the notification in 2015. Despite being told and reminded about the vulnerabilities over the past two years, the Civil Protection and Emergency Agency (MSB) didn’t address the potential threat until seven state-owned properties identified as being vulnerable, including the governor’s residence in Malmö, Kristianstad, Växjö and Umeå, Sweden, came to media attention this week.
The Swedish State Property Agency, SFV, promptly removed control access from the internet when told by the newspaper. But for several years, hackers with moderate skills could have reached the vulnerable control systems, bypassed password protection and gained backdoor access.
More about the SCADA vulnerability in the news:
Security expert advice: Higher standard needed for critical control systems [Interview in Swedish]
Outpost24 is a leading Vulnerability Management company focused on enabling its customers to achieve maximum value from their evolving technology investments. By delivering insights that reduce vulnerabilities and attack surface for any architecture, Outpost24 customers continuously improve their security posture with low effort. Over 2,000 customers in more than 40 countries around the world trust Outpost24 to inspect their devices, networks, and web applications and report compliance status to government, industry sector, or internal regulations. Founded in 2001, Outpost24 serves leading organizations across a wide range of segments including financial and insurance, government, healthcare, retail, telecommunications, technology, and manufacturing.