An exploit for a bug in Citect’s SCADA systems has just been added to the Metasploit toolkit. While the bug itself is months old, this addition means that vulnerable systems are suddenly at more risk than before.

Because SCADA networks are used to control key infrastructure such as water, power plants, the power grid, industrial systems and more, this might prove a critical vulnerability. Since these systems are so critical, patches are not always installed.

The main advice from Citect is not to connect these systems to the internet, and to keep them on a physically separate network. While this is a good idea, it’s not always practical. It’s not completely unheard of for power plants to be brought down by computer problems…