Thursday, September 5, 2013

InteVyDis releases Ver 10 of the VulnDisco Exploit Pack for Immunity Canvas with ICS Modules

On September 4, InteVyDis announced version 10.0 of their VulnDisco Exploit Pack for the Immunity Canvas framework.  It appears for the first time that this pack contains ICS modules, including 0-days.



The VulnDisco Exploit Pack appears to contain roughly 300 modules, and in this version 10.0, it appears that they have offered some 0-day exploits targeting the Cogent Datahub system (components are not defined):

  • vd_cdatahub - [0day] Cogent DataHub DoS
  • vd_cdatahub2 - [0day] Cogent DataHub DoS
  • vd_cdatahub3 -  [0day] Cogent DataHub file overwrite
  • vd_cdatahub_ver - [Tool] Get version of Cogent DataHub
  • vd_cdatahub_clstat - [Tool] Get status of Cogent DataHub clients

With the limited information available, it looks like these may be related to the ICS-CERT Advisory ICSA-13-095-01 "Cogent Real-Time Systems Multiple Vulnerabilities" originally disclosed by Dillon Beresford of Cimation originally released April 5, 2013 and revised April 30, 2013.

Information on the InteVyDis VulnDisco Exploit Pack can be found here, as well as information on Immunity's CANVAS here.

As always, please post your comments or suggestions to improve the usefulness of this information.

No comments:

Post a Comment