| Developers: | NPF Energosoyuz |
| Last Release Date: | 2022/07/11 |
| Branches: | Power |
| Technology: | SCADA |
Content |
Main article: SCADA purpose of systems
2022
Fix vulnerabilities
On July 11, 2022, the company Rostelecom-Solar"" announced that NPF ENERGOSOYUZ it had fixed a number of vulnerabilities in its software to collect the technological data and dispatch control of SCADA-NEVA Vulnerabilities. discovered experts from cyber security the research and development of cyber training scenarios National Cyber Police at RTK-Solar Viktor Nikitin, Vladislav Suchkov and Konstantin Kondratyev, headed by Ilya Karpov. Among the identified vulnerabilities, including critical ones, the researchers rated the danger level at 9.8 out of 10 points on the CVSS 3.0 scale.
According to the company, the vulnerabilities identified by experts of the National Cyber Police affect the SCADA-NEVA software versions 6.0.0.375 and below. They allowed attackers to implement cyber attacks to intercept data, gain access to a user account by automatically brute-force passwords and calling a denial of service.
 | For July 2022, when the number of attempts to attack Russian organizations increased significantly, this topic is especially important. Experts from the National Cyber Police helped us make our SCADA system more protected from cyberattacks by attackers, and we greatly appreciate this cooperation. commented Andrey Savelyev, Commercial Director of NPF ENERGOSOYUZ |  |
After receiving information about vulnerabilities from experts from the National Cyber Police, the manufacturer developed organizational measures to eliminate them and released a security update. Users of the product are advised to contact the technical support of NPF ENERGOSOYUZ and update the system to version 6.0.0.391.
| | For July 2022, the issue of real information security came to the fore. The responsiveness of detecting and eliminating critical vulnerabilities has become one of the important parameters of business processes in general. Working with vulnerabilities seriously affects the reputation of hardware and software manufacturers. For us, as a cyber police, research activity provides up-to-date knowledge of modern protection methods, allows us to provide users with a modern and up-to-date product, acquaint them with various threats, and practice advanced protection methods. Such cooperation is beneficial for both manufacturers who optimize the quality of their products and us, since it makes it possible to form a personnel reserve for the industry. noted Dmitry Malinkin, Deputy Director of the National Cyber Police | |
The discovered vulnerabilities and recommendations for their elimination were recorded in the Information Security Threats Data Bank of the FSTEC of Russia (BDU:2022-03247 - BDU: 2022-03252).
Features and features of "Scada Neva"
As of July 2022, the software developed by NPF ENERGOSOYUZ includes a wide range of functions and components, which allows it to be classified as a product class called the term SCADA (Supervisory Control And Data Acquisition).
According to the developers, a distinctive feature of SCADA-NEVA software is the implementation of the principle of free software configuration by a user who is provided with a simple and intuitive interface for configuring most system parameters. The simplest case of using the NEVA CAS is the modernization of old ones and the creation of NEVA-ASA emergency event recording systems. In the event of an accident, all signals will be recorded by a digital oscilloscope, transmitted to the system server and presented in a user-friendly form.
The conditions for starting the oscilloscope are flexibly adjusted, the recorded oscillograms are archived with the date, time and reason for starting. The necessary service is provided for viewing and analyzing oscillograms: construction of vector and spectral diagrams, resistance yearographs, calculation of phase, frequency, as well as effective values of currents and voltages at any point of the pre-accident, emergency and post-accident process. It is possible to jointly analyze several oscillograms - for example, recorded by different alarm event recorders ("NEVA-PAC") having different frequency of polling signals, or even oscillograms received from different objects. It is possible to export oscillograms to COMTRADE format (by user command or automatic). Also, as part of the SCADA-system "SCADA-NEVA" there is a software module for determining the location of damage to the overhead line using the oscillogram of the emergency process. The NEVA CAS has the capabilities to control various equipment, and this can be both operational control and algorithmic. During operational control, various interlocks from incorrect operator commands can be implemented.
The capabilities of SCADA-NEVA algorithmic control make it possible to implement control systems of various purposes on the basis of NEVA CAS, for example, some types of protection or emergency automation. You can also implement such algorithms, in the implementation of which several BRKU 2.0 controllers in the system are involved at once. For example, the value of a signal connected to the input of one "BRKU 2.0" can participate in control algorithms executed in another "BRKU 2.0."
Basic software (supplied with NEVA CAS) and includes the following set of software components:
- Oscilloscope program (viewing and analysis of oscillograms);
- Program "Event table" (viewing the event database);
- "Mnemonic diagram" program (editing and viewing of object mnemonic diagrams);
- Additional software.
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |