SCADA Developer Network

Earlier we announced that SQL vulnerability issue has been resolved by adding Read/Write security control onto database configuration, however the security researcher Dan Rosenberg from VSR claimed that the vulnerability is not fully patched. We were forced to put this issue aside as we have putting on hold too many other features request earlier, and then when we returned to merge the production line with security fix, we were dragged by some crash issues for this fix and worst still bumped into unnecessary problem that due to breaking change in ADO update KB983246 (included in Windows 7 Service Pack 1).

And after the vulnerability is fixed we ourselves have been confused by the default configuration that has no Write security control. And finally after more tests and clarification from developer and analysts, last week ICS-CERT has confirmed via email that the reported SQL Unauthenticated Vulnerability has been resolved, that was right before we almost need to setup a conference call with ICS-CERT analysts.

So by the time ICS-CERT confirmed that issue has been *completely* resolved, the correspondence on one single vulnerability has accumulated up to 53 messages that span across three months. So far this is the vulnerability issue that we find most tedious to solve, and again we thank ICS-CERT for helping up in verifying this fix.

Due to the confusion arised, we have decided to accept ICS-CERT recommendation to make Write security level default to a value of 100, but Read level remains as 0 which is open for world reading. This means guest user no longer allow to acknowledge alarm nor delete any report by default, starting from this Release Candidate version 3.60.4042 or for any other version later.

We have been holding too long on this latest official release, as we were working hard on some stability and security issues. So this release has got no surprises on new features but purely on security and stability improvement.

However, if you are looking for new features, check out the beta release which has more bug fixes and added features despite has not gone through the regression test, so it must not be used for production. Below is the change log for this beta:

1. + Web server added with client login/logout history.
2. + Added visual editing tool for HTML file.
3. + For easier reference, server task log can now be selected and copied into clipboard by pressing Ctrl+C.
4. * Server task log shows some of the activity log in debug mode only.
5. * Fixed case sensitive search.
6. * Various minor bug fixes for P.E. data entry.
7. * Improved Report Server stability.
8. ^ Server stability improvement.

Web login history only available in beta release for now.

Note: The common download links for Official Release and Beta Release are always pointing to the latest version. So you may get the current mentioned version or newer version if you download it later.

To ensure SCADA mimic can be shown correctly on iPhone or iPad, you must first ensure the SVG graphic can be shown perfectly in Apple Safari, which is the browser used for iPhone/iPad. The screen shot below shown that some SVG gradient effects are not correctly rendered in Safari browser as compared to Firefox, Chrome and IE + ASV. Below described the issues caused the defect of SVG gradient display in Safari.

Safari could not render gradient effect correctly.

Gradient that Repeated with Reflected Effect

Firstly Safari doesn’t support ‘Repeat’ with ‘Reflected’ option. If this option is chosen, no reflection will be seen but only blank area will be shown. The workaround is to duplicate the targeted graphic object and flip it either vertically or horizontally.

Gradient Over Horizontal/Vertical Bezier Line’s Stroke

And then this is one of the funny problem for Safari, the gradient effect on stroke only works if the Bezier line is neither horizontal nor vertical.

Gradient over 2 points Bezier horizontal line will not work in Safari, it will show solid line instead.

To get rid of this problem, simply use filled rectangle instead. However, for any reason that you must use gradient over horizontal/vertical stroke, you may add one redundant node at the end making it like a L-shape line, but the redundant node must be placed within the width of the stroke so it will not affect the intended graphic look.

Workaround for Gradient on horizontal bezier line by using 3 Points L-shape stroke.