In keeping with their previous record of releasing updates on a regular basis, Gleg announced on December 24 the release of version 1.20 of the SCADA+ Exploit Pack for the Immunity Canvas framework.
Version 1.19 was released on November 8, 2012.
SCADA+ 1.20 includes 1 new SCADA related 0-day, along with some "old buy still useful" RTOS modules and a 0-day for a Korean router.
SCADA+ 1.20 modules include:
- QNX QCONN Remote Shutdown
- QNX PHRelay Denial-of-Service
- Directory Traversal vulnerability in cgi-bin/read.cgi in Netbiter webSCADA WS100 and WS200 (CVE-2010-4730). Additional information on HMI Industrial Network's Netbiter solutions can be found at http://www.netbiter.com.
- ANT Automation's Industrial Studio SCADA Denial-of-Service [0-day]. Additional information on ANT Automation LLC and the Industrial Studio SCADA can be found at http://ant-automation.com.
- ipTIME (South Korea) router [0-day]. Additional information on ipTIME can be found (in Korean) at http://www.iptime.co.kr/. These devices are not likely to be installed in moderate risk ICS networks.
As always, please post your comments or suggestions to improve the usefulness of this information.