A summary of recent releases includes:
- Version 1.22 was released on February 27, 2012
- Version 1.21 was released on February 7, 2012
- Version 1.20 was released on December 21, 2012
- Version 1.19 was released on November 8, 2012
SCADA+ 1.23 includes 2 new SCADA related 0-days against Schneider's Vijeo SCADA, along with two public DoS exploits for some well known SCADA software.
SCADA+ 1.23 modules include:
- Schneider Electric Accutech Manager Server Denial-of-Service
- GE Fanuc Proficy HMI/SCADA Cimplicity WebView/ThinView Server DoS
- Schneider Electric Vijeo Web Gate Server Vulnerability [0-day]
- Schneider Electric Vijeo Web Gate Server Denial-of-Service [0-day]
These exploits continue to show the need to offer enhanced intrusion monitoring capabilities within the internal, trusted ICS networks. I believe that an enhanced detection infrastructure could assist asset owners in early warning and response to pending cyber attacks. If anyone is interested in discussing my solution to address these vectors, please feel free to contact me.
Information on the Gleg SCADA+ Exploit Pack can be found here, as well as information on Immunity's CANVAS here.
As always, please post your comments or suggestions to improve the usefulness of this information.