TO:     ERCOT Market Participants

RE:     NERC CIP Advisory: GE Fanuc iFIX Vulnerability

Date:  February 11, 2009

 

ERCOT sends this notice to ensure a maximum number of ERCOT Market Participants are notified of the attached NERC CIP advisory, recognizing that not all ERCOT Market Participants are required to be registered with NERC.  

 

About the advisory

Advisory pertains to users of GE Fanuc iFIX application.  Vulnerability has been publicly released.  An unauthenticated attacker on same network may be able to gain admin privileges to the GE Fanuc iFIX process.

 

A detailed Knowledge Base article on the vulnerability and its mitigation is available on the GE Fanuc Support site at:

http://support.gefanuc.com/support/index?page=kbchannel&id=KB13253

 

NERC’s publicly distributed advisory can be found at:  http://www.nerc.com/fileUploads/File/Events%20Analysis/A-2009-02-10-01.pdf

 

To report incidents related to this alert

To report related incidents contact NERC’s ES-IASC 12-hour hotline, 609 452-1422, [log in to unmask].  It is not necessary to report incidents to ERCOT.

 

 

 

 

sg