Thursday, July 11, 2013

Gleg releases Ver 1.25 of the SCADA+ Exploit Pack for Immunity Canvas

Gleg announced on July 5 the release of version 1.25 of the SCADA+ Exploit Pack for the Immunity Canvas framework. This is in keeping with their unofficial schedule of releasing updates to this exploit pack approximately every month.

A summary of recent releases includes:
  • Version 1.24 was released on May 14, 2013
  • Version 1.23 was released on April 22, 2013
  • Version 1.22 was released on February 27, 2013
  • Version 1.21 was released on February 7, 2013
  • Version 1.20 was released on December 21, 2012
  • Version 1.19 was released on November 8, 2012

SCADA+ 1.25 includes two new SCADA-related 0-days against Schneider's PLC Simulator and MOXA's AWK Search Utility, as well as two other Schneider exploits. I do not believe that these 0-days represent any real threat to operational ICS.

SCADA+ 1.25 modules include:
  • MOXA AWK Search Utility DoS [0-day]
  • Schneider Electric PLC Simulator 'sim.exe' Remote denial-of-service [0-Day]
  • Mikrotik Syslog Server for Windows 1.15 Denial of Service
  • Schneider Electric Ethernet Modules Multiple Service Default Hardcoded Credentials
  • Multiple Schneider Electric Products 'ModbusDrv.exe' Local Buffer Overflow Vulnerability

ICS-CERT does not appear to have released any Alerts or Advisories for the MOXA AWK Utility, Schneider PLC Simulator / ModbusDrv, or Mikrotik vulnerabilities. This is expected, as these products are not directly related to ICS. The Schneider ModbusDrv.exe vulnerability was posted on SecurityFocus, which confirms that it is only locally exploitable, making it a relatively low-risk vulnerability. The Schneider Ethernet Module vulnerabilities have also been discussed on SecurityFocus, including details on exploit techniques. These can be exploited remotely, so they represent a moderate risk where such devices are present and unauthorized network access has been obtained.

Additional details and references can be found for the other exploit modules included in the SCADA+ pack:

Information on the Gleg SCADA+ Exploit Pack can be found here, as well as information on Immunity's CANVAS here.

As always, please post your comments or suggestions to improve the usefulness of this information.
