Citect, a provider of process control software for critical infrastructure which this week came under fire for a vulnerability in its SCADA software, has reassured its customers that a breach is extremely unlikely.
SC MagazineUS reported yesterday that Core Security Technologies revealed the details of a bug in
CitectSCADA software on Wednesday which could cause a buffer overflow.
However, in a statement released today, Citect believes the bug is only relevant to a company using ODBC technology and directly connecting its system to the Internet with no security in place – a situation unlikely in today’s business environment.
Citect said all SCADA customers have been contacted and have been assured that it is extremely unlikely that they are at risk from potential security breaches in Windows-based control systems utilising ODBC technology.
“The security of our customers’ control systems is of paramount importance to us. Though we have not had any reports of breaches, we are contacting our customers globally to confirm they have followed recommended network security measures," said Citect’s Global CEO, Christopher Crowe.
“We have also developed a patch for those companies that might not be able to implement necessary network security measures promptly,” he said.
Furthermore, the company said so long as customer systems are protected by industry-standard security guidelines they are safe.
Citect said that it and other SCADA and Control vendors have been communicating potential vulnerabilities of control systems when they are connected to the Internet for some time.