A summary of recent releases includes:
- Version 1.27 was released on September 6, 2013
- Version 1.26 was released on August 14, 2013
- Version 1.25 was released on July 5, 2013
- Version 1.24 was released on May 14, 2013
- Version 1.23 was released on April 22, 2013
- Version 1.22 was released on February 27, 2013
- Version 1.21 was released on February 7, 2013
- Version 1.20 was released on December 21, 2012
- Version 1.19 was released on November 8, 2012
SCADA+ 1.28 modules include:
- Moore Industries NCS (NET Concentrator System) Configuration DoS [0-day]
- Eaton HMi VU Remote DoS [0-day]
- Siemens WinCC TIA Portal miniweb.exe Remote DoS [0-day]
- Galil RIO-47000 DoS
This is an interesting release, as neither the Eaton nor Moore Industries vulnerabilities appear to have been identified by ICS-CERT (maybe it is because of the hiatus!). Information on the versatile Moore NCS product is available on YouTube. There are several PDF documents available (links not included here) on the Eaton HMi VU for reference. These could be interesting exploits, as there appears to be little documented on this vuln from the typical sources.
The Galil vulnerability is discussed in ICS-CERT Advisory ICSA-13-116-01 originally disclosed by Jon Christmas of Solera Networks published on April 26, 2013. Some interesting information on the RIO-47xxx can be found here.
It is difficult to tell whether or not the Siemens WinCC vulnerability has been previously identified and document by ICS-CERT, since there are multiple entires in 2012 and 2013 relating to the TIA Portal web services.
Information on the Gleg SCADA+ Exploit Pack can be found here, as well as information on Immunity's CANVAS here.
As always, please post your comments or suggestions to improve the usefulness of this information.