We have made some enhancements to the security of the VTScada Internet Server to resolve some potential vulnerabilities. These changes address the widely publicized issue with SSL, a recent discovery by ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), and the results of our own internal investigations.
The consequences of these issues could include excessive loading or a crash of the VTScada server. These scenarios cannot happen accidentally and require sophisticated, deliberate malicious actions. To the best of our knowledge, there have been no instances of these attacks to date.
The systems affected are VTScada/VTS servers that may be accessed directly from the internet. Generally, systems accessed only on private networks, including VPNs, are not at risk, unless there is a concern about potential malicious users within the private network.
Two weeks ago, we quietly contacted all of our known customers with VTScada Thin Client licenses to make them aware and ensure that they knew how to download the update for their version of VTScada. Now that they have had a chance to update their systems, we wish to reach out to any affected customers whom we were not able to contact.
If that includes your organization, we encourage you to update your software as soon as possible using the links below. If you have any questions or any difficulties with installing one of these updates, please call Trihedral tech support at 1-855-887-2232 or 1-902-835-1575. In the UK, call +44 (0) 1224 258910.
Online SCADA security is an ever-evolving challenge for end users, integrators, and software developers. For this reason, our software development team is constantly putting VTScada through its paces to discover vulnerabilities and eliminate them in one of our regular version updates. We are also proud to have worked with ICS-CERT and Homeland Security to help protect SCADA users as issues arise.
New versions of VTScada/VTS are available from our FTP site (ftp.trihedral.com/VTS):
- 11.1.011 – Latest build including newest features and fixes.
- 10.2.22 – Recommended for all users of VTS 10. Any installation key with a maintenance expiry after December 1, 2010, will work with this installation.
- 9.1.20 – Recommended for all users prior to VTS 10.0. Any installation key with a maintenance expiry date after December 1, 2009, will work with this installation.
Notes for upgrading VTScada/VTS can be found here: https://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm
Glenn Wadden, President
Trihedral Engineering Limited