Some of the modules included in version 1.6 include:
- Cogent DataHub Directory traversal vulnerability. CVE-2011-3500.
- DAQFactory <= v.5.85 build 1853 stack based buffer overflow. CVE-2011-3492
- CarelDataServer Directory traversal vulnerability. CVE-2011-3487
- Procyon Core Server stack buffer overflow. CVE-2011-3322
- SCADAPRO <= v.4.0.0.0 unauthenticated remote command execution. no CVE, but public.
Step ahead SCADA+ users also receive additional 0days, including the following:
- CEserver buffer overflow - 0day.
This software is available for most embedded systems.
Exploit by now covers WinXP sp3 embedded. - Carel Plant Visor Pro critical information disclosure - 0day
All scada users logins+pwds steal - Carel Plant Visor Pro critical information disclosure - Second vuln. 0day
All scada users logins+pwds steal
No comments:
Post a Comment