Securing ICS Applications When Vendors Refuse Or Are Slow To Produce a Security Patch

No ratings

Presented at S4 2014 by

Donato Ferrante

Luigi Auriemma

While some ICS vendors are adjusting to the new reality of ICS vulnerabilities and are quick to release security patches, most ICS vendors are still slow to provide a solution for a proven and public vulnerability. In this session, Luigi and Donato will disclose a new 0day vulnerability and exploit, and how this can be used to attack the ICS. Using the 0day as a sample, they then will demonstrate how the vulnerability can be addressed in the software without the vendor participation. This approach is also interesting in a world where organizations may want to maintain an offensive capability while protecting their own critical infrastructure that uses these same ICS applications.