A vulnerability has been discovered in the software that runs wind turbines.
Independent researcher Maxim Rupp identified a cross-site request forgery (CSRF) vulnerability in the XZERES 442SR turbine generator operating system.
“Successful exploitation of this vulnerability allows the ID to be retrieved from the browser and will allow the default ID to be changed. This exploit can cause a loss of power for all attached systems,” according to the ICS-CERT advisory. “Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.”
The vulnerability can be exploited remotely and is considered to be a simple hack. Luckily, XZERES has released a patch for it, and there are no known public exploits that target this vulnerability.