Tuesday, September 17, 2013

Gleg releases Ver 1.27 of the SCADA+ Exploit Pack for Immunity Canvas

Like clockwork, Gleg announced on September 6 the release of version 1.27 of the SCADA+ Exploit Pack for the Immunity Canvas framework.

A summary of recent releases includes:
  • Version 1.26 was released on August 14, 2013
  • Version 1.25 was released on July 5, 2013
  • Version 1.24 was released on May 14, 2013
  • Version 1.23 was released on April 22, 2013
  • Version 1.22 was released on February 27, 2013
  • Version 1.21 was released on February 7, 2013
  • Version 1.20 was released on December 21, 2012
  • Version 1.19 was released on November 8, 2012

SCADA+ 1.27 includes 3 new SCADA-related vulnerabilities; none of them are 0-days.

SCADA+ 1.27 modules include:
  • pwStore Denial of Service
  • 3S CODESYS Gateway-Server <= Directory Traversal Vulnerability
  • Two modules for ActiveX controls in different National Instruments LabWindows/CVI, LabVIEW, and other products

The CODESYS module appears to cover one of the vulnerabilities communicated in ICS-CERT Advisory ICSA-13-050-01A, originally disclosed by Aaron Portnoy of Exodus Intelligence and published on February 19, 2013, with an update on March 27, 2013. An exploit module for this vulnerability has already been posted for the Metasploit Framework in the open source community. Note that this exploit targets the Gateway Server and is different from the other CODESYS vulnerability disclosed during the same period, which targeted the runtime system.

Additional details and references can be found for this exploit module included in the SCADA+ pack:
Information on the Gleg SCADA+ Exploit Pack can be found here, as well as information on Immunity's CANVAS here.

As always, please post your comments or suggestions to improve the usefulness of this information.
