SCADA+ 1.8 adds modules for several recently published SCADA/ICS vulnerabilities, most of which were disclosed by Luigi Auriemma. Many of these exploits appear to be denial-of-service (DoS) exploits, so this really is not something that I think is worth the money at this time.
SCADAhacker has noticed that the vulnerabilities included with Gleg SCADA+ 1.8 regarding the Optima APIFTP Server SCADA HMI application have not yet been disclosed by ICS-CERT. I will be posting an out-of-band advisory on this vulnerability set within the next 24 hours, and will update this blog accordingly.
Gleg Step Ahead customers receive some additional exploit modules, including one that allows them to decrypt user credentials in Promotic SCADA and an additional SCADA-related ActiveX exploit.
SCADA+ 1.8 modules include:
- Beckhoff TwinCAT <= 184.108.40.2064
- Optima <= 220.127.116.11 Denial of Service
- OPC Systems.NET <= 4.00.0048 Denial of Service
- Data Archiver service in GE Intelligent Platforms Proficy Historian <= 3.5 SIM 17 and 4.x <= 4.0 SIM 12 Stack Overflow Proof of Concept & Denial of Service
- Atvise webMI2ADS <= 1.0 Denial of Service
- another Atvise webMI2ADS <= 1.0 Denial of Service
- Atvise webMI TestServer Directory Traversal
- PcVue <= 10.0, SVUIGrd.ocx <= 18.104.22.168 Code Execution
- PROMOTIC <= 8.1.3 Directory Traversal leveraged to user credentials disclosure
- Beckhoff TwinCAT "TCATSysSrv.exe" Network Packet Denial of Service Vulnerability
- atvise webMI Web Server Multiple Remote Vulnerabilities
- Open Automation Software OPC Systems.NET Denial-of-Service Vulnerability
- Microsys Promotic Directory Traversal and ActiveX Control Buffer Overflow Vulnerabilities
- General Electric Intelligent Platforms (GE-IP) Proficy Plant Applications Buffer Overflow Vulnerabilities
- General Electric Intelligent Platforms (GE-IP) Proficy Historian Data Archiver Buffer Overflow Vulnerability
- ARC Informatique PcVue Multiple ActiveX Vulnerabilities