Thursday, August 25, 2011

Gleg releases Ver 1.5 of the SCADA+ Exploit Pack for Immunity Canvas

Today (August 25, 2011), Gleg announced the availability of Version 1.5 of the SCADA+ add-on exploit pack for Immunity's CANVAS exploitation framework (much like the Metasploit Framework). As we have seen over the past few months, this release contains several new automated SCADA exploits, including several zero days.

This new release contains the following updates:
  • Broadwin\Advantech WebAccess - Blind-Error based SQL Injection with Filters Bypass (this was available via the Step Ahead program from Gleg about 1.5 months ago) (zero day)
  • Labview (version 6 and possibly others) - DoS via IPv6 Query. Based on an old bug, but commonly used Labview version.
  • Progea Movicon 11 - Remote DoS crashing the server.
 There are also some new additional featured modules via Step Ahead:
  • Carel PlantVisor Pro vulnerability - Used on nuclear plants (e.g. in Canada). Exploit allows credentials steal. (zero day)
    [SH comment: don't be alarmed here! Carel PlantVisor Pro is used for HVAC building control, and is not used as a primary safety or controls system]
  • Sunway ForceControl and pNetPower - Buffer Overflow vulnerability is known to exist (but details are not public), patch available. thousands of installations in Turkey and China (http://gleg.net/httpsrv_shodan.png shows some representative installations by country - Thanks Shodan!)
A couple of adders ... first, if you have never used Canvas by Immunity, and you are interested in obtaining your Certified Ethical Hacker certification, then you might want to consider the boot-camp course from InfoSec Institute (where I teach their SCADA Security course). The course offers each student a fully licensed copy of Canvas.

Details on the SCADA+ pack can be found on the Gleg website.  Pricing was previously available on-line, and my past investigation showed a three-month subscription for Agora SCADA+ costs US$2,250, which includes updates to the exploit pack and a single license for the Canvas framework. A one-year subscription costs $5,400 and also comes with one Canvas license. For current pricing, contact sales@immunityinc.com.

1 comment: