Monday, April 22, 2013

Gleg releases Ver 1.23 of the SCADA+ Exploit Pack for Immunity Canvas

Gleg announced this morning (April 22) the release of version 1.23 of the SCADA+ Exploit Pack for the Immunity Canvas framework.  This is keeping with their unofficial schedule of continuing to release updates to this exploit pack approximately every month.

A summary of recent releases includes:
  • Version 1.22 was released on February 27, 2012
  • Version 1.21 was released on February 7, 2012
  • Version 1.20 was released on December 21, 2012
  • Version 1.19 was released on November 8, 2012
I will provide details of this releases in a subsequent post.
SCADA+ 1.23 includes 2 new SCADA related 0-days against Schneider's Vijeo SCADA, along with two public DoS exploits for some well known SCADA software.

SCADA+ 1.23 modules include:
  • Schneider Electric Accutech Manager Server Denial-of-Service
  • GE Fanuc Proficy HMI/SCADA Cimplicity WebView/ThinView Server DoS
  • Schneider Electric Vijeo Web Gate Server Vulnerability [0-day]
  • Schneider Electric Vijeo Web Gate Server Denial-of-Service [0-day]
The mentioned 0-days targeting the Schneider Vijeo SCADA package do NOT appear to have been announced by ICS-CERT (Schneider advisories available here), so if you feel that you have one of these systems, it is highly advised to contact for vendor immediate for guidance.

These exploits continue to show the need to offer enhanced intrusion monitoring capabilities within the internal, trusted ICS networks. I believe that an enhanced detection infrastructure could assist asset owners in early warning and response to pending cyber attacks. If anyone is interested in discussing my solution to address these vectors, please feel free to contact me.

Information on the Gleg SCADA+ Exploit Pack can be found here, as well as information on Immunity's CANVAS here.

As always, please post your comments or suggestions to improve the usefulness of this information.

No comments:

Post a Comment