In a video presentation, the vulnerability experts known as ReVuln have revealed a 0day vulnerability for industrial SCADA Schneider Electric, General Electric, Siemens and Rockwell Automation. Yet the exact vulnerable products were not discussed in the presentation.
According to ReVuln, the vulnerabilities are of high risk which allows uploading shells remotely, executing the code and session hijacking on the PCs that are responsible for running servers of SCADA installations. If ReVuln is correct in their claims then there are solid chances of taking over the SCADA servers as they are available on the internet due to their settings. The claims are yet not supported by any independent security expert.
An inside view by any independent security expert over the vulnerabilities will play an important role in backing up or denying the claims made by ReVuln as in past it had published the vulnerabilities when they were reveled by some other source or after being fixed.
SCADA systems are usually in news for their insecure servers and for the attacks carried out on them by the hackers. In past SCADA systems for Israel were hacked by Anonymous hackers and 7000 credit card details were leaked online.
