Sasser Worm Infection in Process Control System.

Event Year: 2004 Reliability: Confirmed
Country: United Kingdom
Industry Type: Petroleum

A worm (Sasser) infected a number of HMIs on a process control network. Initial point of infection suspected as from an external network connected to the same firewall as the PCN. None of the HMIs were installed with AV software, and none had been patched. All were running on a Windows based OS. The firewall, although running an IDS service, did not have a fully secured rulebase, which allowed the infection to pass onto the PCN.


None, as not all HMIs became infected.

Action Description: AV software has now been distributed to all HMIs, and is regularly updated, as are MS patches as released.