Visible to the public A Study on Software Vulnerabilities and Weaknesses of Embedded Systems in Power Networks

TitleA Study on Software Vulnerabilities and Weaknesses of Embedded Systems in Power Networks
Publication TypeConference Paper
Year of Publication2017
AuthorsVälja, Margus, Korman, Matus, Lagerström, Robert
Conference NameProceedings of the 2Nd Workshop on Cyber-Physical Security and Resilience in Smart Grids
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4978-9
KeywordsCollaboration, CVSS, cyber security, Human Behavior, human factors, Metrics, policy-based governance, power networks, pubcrawl, resilience, Resiliency, security weaknesses, Software Vulnerability
Abstract

In this paper we conduct an empirical study with the purpose of identifying common software weaknesses of embedded devices used as part of industrial control systems in power grids. The data is gathered about the devices and software of 6 companies, ABB, General Electric, Schneider Electric, Schweitzer Engineering Laboratories, Siemens and Wind River. The study uses data from the manufacturersfi online databases, NVD, CWE and ICS CERT. We identified that the most common problems that were reported are related to the improper input validation, cryptographic issues, and programming errors.

URLhttps://dl.acm.org/citation.cfm?doid=3055386.3055397
DOI10.1145/3055386.3055397
Citation Keyvalja_study_2017