Monday, December 24, 2012

Gleg releases Ver 1.20 of the SCADA+ Exploit Pack for Immunity Canvas

In keeping with their previous record of releasing updates on a regular basis, Gleg announced on December 24 the release of version 1.20 of the SCADA+ Exploit Pack for the Immunity Canvas framework.

Version 1.19 was released on November 8, 2012.

SCADA+ 1.20 includes 1 new SCADA related 0-day, along with some "old buy still useful" RTOS modules and a 0-day for a Korean router.

SCADA+ 1.20 modules include:
  • QNX QCONN Remote Shutdown
  • QNX PHRelay Denial-of-Service
  • Directory Traversal vulnerability in cgi-bin/read.cgi in Netbiter webSCADA WS100 and WS200 (CVE-2010-4730). Additional information on HMI Industrial Network's Netbiter solutions can be found at
  • ANT Automation's Industrial Studio SCADA Denial-of-Service [0-day]. Additional information on ANT Automation LLC and the Industrial Studio SCADA can be found at
As published with my blog update regarding v1.18 of SCADA+ in October, QNX is one of the real-time operating systems (RTOS) used in many embedded devices, including (though not important to ICS but more for general information) the BlackBerry Playbook and Colt. Of more relevance to the ICS world, QNX can be found in ICS suppliers including Emerson Process Management (Ovation and DeltaV), General Electric (Mark VI Turbine Controller), Tridium (JACE 600), as well as most major automative manufacturers!  This DoS could represent significant risk to ICS systems installed in CIKR and other critical sectors. A complete list of references, and other useful information on QNX can be found at their website

Network Devices:
  • ipTIME (South Korea) router [0-day]. Additional information on ipTIME can be found (in Korean) at These devices are not likely to be installed in moderate risk ICS networks.
Information on the Gleg SCADA+ Exploit Pack can be found here, as well as information on Immunity's CANVAS here.

As always, please post your comments or suggestions to improve the usefulness of this information.

No comments:

Post a Comment