Securing ICS Applications When Vendors Refuse Or Are Slow To Produce a Security Patch presented at S4 2014

by Donato Ferrante, Luigi Auriemma,

Summary : While some ICS vendors are adjusting to the new reality of ICS vulnerabilities and are quick to release security patches, most ICS vendors are still slow to provide a solution for a proven and public vulnerability. In this session, Luigi and Donato will disclose a new 0day vulnerability and exploit, and how this can be used to attack the ICS. Using the 0day as a sample, they then will demonstrate how the vulnerability can be addressed in the software without the vendor participation.
This approach is also interesting in a world where organizations may want to maintain an offensive capability while protecting their own critical infrastructure that uses these same ICS applications.