TO:
ERCOT Market Participants
RE:
NERC CIP Advisory: GE Fanuc iFIX Vulnerability
Date:
February 11, 2009
ERCOT sends this notice to ensure a maximum number of
ERCOT Market Participants are notified of the attached NERC CIP advisory,
recognizing that not all ERCOT Market Participants are required to be registered
with NERC.
About
the advisory
Advisory pertains to users of GE Fanuc iFIX
application. Vulnerability has been publicly released. An unauthenticated
attacker on same network may be able to gain admin privileges to the GE Fanuc iFIX
process.
A detailed Knowledge Base article on
the vulnerability and its mitigation is available on the GE Fanuc Support site
at:
http://support.gefanuc.com/support/index?page=kbchannel&id=KB13253
NERC’s publicly distributed advisory
can be found at: http://www.nerc.com/fileUploads/File/Events%20Analysis/A-2009-02-10-01.pdf
To report incidents
related to this alert
To report related
incidents contact NERC’s ES-IASC 12-hour hotline, 609 452-1422, [log in to unmask]. It is not necessary to
report incidents to ERCOT.
sg