Tuesday, March 18, 2014

Recent development of ICS exploits continues upward trend of security research

In performing my daily rounds on news feeds and websites, I noticed a lot of recent developments in open-source exploit modules targeting industrial control systems. One very important part of a well-rounded ICS Security Management System (IACS-SMS per ISA 62443 terminology) is situational awareness of the actual risks facing industrial systems in terms of both vulnerabilities disclosed and the ease in converting these proof-of-concept (PoC) disclosures into workable exploit modules.


The vision of SCADAhacker.com is to assemble in a single location details relating to disclosures and exploits - as was demonstrated initially by my reference page (http://scadahacker.com/vulndb/ics-vuln-ref-list.html). This page became an overwhelming task to keep current - but rest assured it is still on the plate to update and maintain!

I wanted to provide a quick update of some recent developments in terms of disclosures, advisories and availability of useable exploit modules for some recent ICS systems. The vulnerability details are obtained via the Open-Source Vulnerability Database (OSVDB) project, exploit source code via Exploit-DB, and advisories published by ICS-CERT.

ABB MicroSCADA
     Vuln Details
     Exploit Module - (published Dec. 3, 2013 (disclosure Apr. 5, 2013)
     MSF Reference -
           windows/scada/abb_wserver_exec.rb
     ICS-CERT (none published)
     Vendor Advisory

General Electric Proficy CIMPLICITY
     Vuln Details (none available)
     Exploit Module - published Feb. 28, 2014 (disclosure Jan. 23, 2014)
     MSF Reference -   
          windows/scada/ge_proficy_cimplicity_gefebt.rb
     ICS-CERT 
     Vendor Advisory (adv1 , adv2)

WellinTech KingSCADA
     Vuln Details
     Exploit Module - published Feb. 11, 2014 (disclosure Jan. 14, 2014)
     MSF Reference -
          windows/browser/wellintech_kingscada_kxclientdownload.rb
     ICS-CERT     Vendor Advisory (none published)

Yokogawa Centum CS
     Vuln Details (v1 , v2)
     Exploit Modules (e1 , e2) - published Mar. 12, 2013 (disclosure Mar. 10, 2014)
     MSF References -
          windows/scada/yokogawa_bkhodeq_bof.rb
          windows/scada/yokogawa_bkbcopyd_bof.rb
          dos/scada/yokogawa_logsvr.rb
     ICS-CERT / JP-CERT
     Vendor Advisory

Of particular interest to me is the Yokogawa Centum CS activity. This represents a significant shift in ICS research from SCADA to traditionally more robust DCS platforms. Rapid 7 published a very interesting blog on this activity, with some very detailed information regarding the exploit.  It is important to understand that the Centum CS3000 product is at end-of-life. Since it is based on Windows XP (migration to Centum VP required to support Windows 7), users of this ICS platform will face numerous challenges as Microsoft withdraws support in April 2014.  Centum CS3000 R3 was first released in 1998 with Release 3.09 available February 2010.  Yokogawa claims to have sold over 7,600 systems worldwide that likely have installations in most process and manufacturing sectors.

These vulnerabilities target what is called the "Test Function" on the Centum system. This is an offline simulation environment that allows you to test and validate your configuration prior to downloading to an actual production controller or "Field Control Station". There are numerous risk factors associated with running the Test Function on a production system, and for this reason, installations typically have this feature enabled on off-line engineering development systems.

I published a vulnerability within the Emerson DeltaV M- and S-Series controllers in  March 2013, which was unique as it was one of the first vulnerabilities targeting a DCS controller. There had been numerous vulnerabilities disclosed for SCADA devices like PLCs, but known focused on the DCS product sector which, in my opinion, are the primary ICS systems deployed at the core of all critical process industries.

Feel free to comment or drop me a note if you have any additional information you would like to share.

31 comments:

  1. Your blog has impressive information about  Scada Software. Thanks for Share.

    ReplyDelete
    Replies
    1. I got my already programmed and blanked ATM card to withdraw the maximum of $1,000 daily for a maximum of 20 days. I am so happy about this because i got mine last week and I have used it to get $20,000. Mike Fisher Hackers is giving out the card just to help the poor and needy though it is illegal but it is something nice and he is not like other scam pretending to have the blank ATM cards. And no one gets caught when using the card. get yours from Mike Fisher Hackers today! *email cyberhackingcompany@gmail.com


      Delete
  2. Hi.. your blog is very intersting. Nice to read. Thanks for sharing this

    ReplyDelete
  3. Our expertise and craftsmanship is well fame and we have an extensive variety of involvement in taking care of the necessities of customers all things considered, either from office or to home. By always procuring the notoriety from our clients we are today viewed as the best office interior designers in coimbatore

    ReplyDelete
  4. Our expertise and craftsmanship is well fame and we have an extensive variety of involvement in taking care of the necessities of customers all things considered, either from office or to home. By always procuring the notoriety from our clients we are today viewed as the best modular kitchen coimbatore price

    ReplyDelete
  5. Hello all
    am looking few years that some guys comes into the market
    they called themselves hacker, carder or spammer they rip the
    peoples with different ways and it’s a badly impact to real hacker
    now situation is that peoples doesn’t believe that real hackers and carder scammer exists.
    Anyone want to make deal with me any type am available but first
    I‘ll show the proof that am real then make a deal like

    Available Services

    ..Wire Bank Transfer all over the world

    ..Western Union Transfer all over the world

    ..Credit Cards (USA, UK, AUS, CAN, NZ)

    ..School Grade upgrade / remove Records

    ..Spamming Tool

    ..keyloggers / rats

    ..Social Media recovery

    .. Teaching Hacking / spamming / carding (1/2 hours course)

    discount for re-seller

    Contact: 24/7

    fixitrogers@gmail.com

    ReplyDelete
  6. Thanks for this amazing post its help me a lot to solve my issues click here to download Kinemaster Mod APK

    ReplyDelete
  7. Thank you for writing can I say something for those people who are looking for one of the best website to find details about latest gadget launch, there price, fac3book, dslr full form, USSd code of airtel, idea and protected text like websites so why you are finding, its here read out Sir G.. Pinoy TV

    ReplyDelete
  8. Thanks for your informative article. This article is very informative for us. Thank You for this amazing knowledge.
    Download Call of Duty Mobile Hack Script

    ReplyDelete
  9. Thanks Admin For That Great article. I have read that article so many time for that i have thought its beautifull article ever i have read. you may also like Pinoy Tambayan with out any charge in High Quality.

    ReplyDelete
  10. I want to share a testimony on how Le_Meridian funding service helped me with loan of 2,000,000.00 USD to finance my marijuana farm project , I'm very grateful and i promised to share this legit funding company to anyone looking for way to expand his or her business project.the company is UK/USA funding company. Anyone seeking for finance support should contact them on lfdsloans@outlook.com Or lfdsloans@lemeridianfds.com Mr Benjamin is also on whatsapp 1-989-394-3740 to make things easy for any applicant. 

    ReplyDelete
  11. Thanks for sharing this good informative article admin.

    Do checkout vasthi's Portable Hydrogen Purity Analyzer: Model VHP- 200 is a light weight, easy to handle, battery-powered analyzer, used to verify measurements.

    ReplyDelete
  12. Very good info provided in the article, thanks for sharing
    Also do checkout hydrogen puriy analyzer by Vasthi which is a light weight, easy to handle, battery-powered analyzer.

    ReplyDelete
  13. Pinoy Teleserye, Pinoy Tambayan,Pinoy Tv Replay, Pinoy Lambingan, Pinoy1tv, Pinoy Tv Shows Replay, Pinoy ako.

    ReplyDelete
  14. As you know this is an extensively playing lottery in West Bengal, India. It is the first lottery game, which draws 3 times a day in Nagaland. The first result called, lottery Sambad result morning, second is Sambad lottery result 4 pm and the last result called lottery Sambad night

    ReplyDelete
  15. Hey, Wow all the posts are very informative for the people who visit this site. Good work! We also have a Website. Please feel free to visit our site. Thank you for sharing. Well written article Thank You for Sharing with Us

    ReplyDelete
  16. Lottery Sambad(লটারি সংবাদ) 23.2.2020.Now the waiters are finished, now you can become a millionaire by lottery. You can see the result of Nagaland Lottery Result 2020.Nagaland State Lottery Sambad
    Nagaland Lottery result
    Nagaland Lottery Sambad
    Lottery Sambad Night
    Sikkim State Lottery
    Lottery Sambad Morning

    ReplyDelete
  17. Great post i must say and thanks for the information. Education is definitely a sticky subject. However, is still among the leading topics of our time. I appreciate your post and look forward to more.satta king

    ReplyDelete
  18. At once the blog might possibly unquestionably pick up famed very from post the general public, as for the meticulous content articles or maybe just necessary review articlesSatta king

    ReplyDelete
  19. A round of applause for your article.Much thanks again. Really Cool.Lawyers Guns and Money Blog

    ReplyDelete
  20. Our website is popular all around the globe especially in UAE, Saudi Arabia, Middle East, Dubai, Abu Dhabi, Oman, Qatar, and many other countries.Keep visiting our website. We will update all the Pinoy Tv, GMA Network show and ABS-CBN network shows daily. This website is a golden platform for the overseas Filipinos living all-around the world.

    ReplyDelete
  21. Thanks for posting. Very useful content shared by you. Lottery Sambad Result

    ReplyDelete
  22. Thanks Admin For That awesome article. I have read that article so many time for that i have thought its great article ever. Lottery Sambad Result

    ReplyDelete
  23. Thanks for this amazing post its help me a lot to solve my issues click here to download lottery sambad 4pm

    lottery results

    ReplyDelete
  24. Pinoy Tv Replay is another type of Pinoy Tambayan shows because there are different terms
    for each of them so Pinoy Tambayan is also a famous Keyword and Pinoy Tv Channel are also watched and loved by the people of Phillippines.
    OFWs generally can not find the place outside of their country to watch all these Pinoy Tv Shows so we are giving them a chance to bookmark our website so they can watch all of them at this place.

    ReplyDelete
  25. The report found that automotive research and development (R&D) is critical to national security. The rapid application of commercial breakthroughs in automobile technology is necessary for the United States to retain competitive military advantage and meet new defense requirements. automobile Fuel Filter Trim Removal Tools drill Drills Bits tipstools

    ReplyDelete