Gleg Releases Version 1.8 of the SCADA+ Exploit Pack

Monday, December 05, 2011

Joel Langill


Gleg releases version 1.8 of the SCADA+ Exploit Pack for Immunity Canvas

On November 24, Gleg released version 1.8 of the SCADA+ Exploit Pack for the Immunity Canvas framework, along with a corresponding version 2.7 of the Agora Exploit Pack.

SCADA+ 1.8 adds modules for several recently published SCADA/ICS vulnerabilities, most of which were disclosed by Luigi Auriemma. Many of these exploits appear to be denial-of-service (DoS) exploits, so I do not think this release is worth the money at this time.

SCADAhacker has noticed that the vulnerabilities included in Gleg SCADA+ 1.8 for the Optima APIFTP Server SCADA HMI application have not yet been disclosed by ICS-CERT. I will be posting an out-of-band advisory on this vulnerability set and will update this blog accordingly.

Gleg Step Ahead customers receive some additional exploit modules, including one that decrypts user credentials in Promotic SCADA and an additional SCADA-related ActiveX exploit.

SCADA+ 1.8 modules include:

  • Beckhoff TwinCAT <= 2.11.0.2004
  • Optima <= 1.5.2.13 Denial of Service
  • OPC Systems.NET <= 4.00.0048 Denial of Service
  • Data Archiver service in GE Intelligent Platforms Proficy Historian <= 3.5 SIM 17 and 4.x <= 4.0 SIM 12 Stack Overflow Proof of Concept & Denial of Service
  • Atvise webMI2ADS <= 1.0 Denial of Service
  • another Atvise webMI2ADS <= 1.0 Denial of Service
  • Atvise webMI TestServer Directory Traversal
  • PcVue <= 10.0, SVUIGrd.ocx <= 1.5.1.0 Code Execution
  • PROMOTIC <= 8.1.3 Directory Traversal leveraged to user credentials disclosure

It is worth mentioning that the SCADAhacker Vulnerability Reference List contains a great deal of information for most of these vulnerabilities and includes any publicly-disclosed PoC code.

Other SCADA/ICS vulnerabilities disclosed by Luigi Auriemma covered in the SCADAhacker Vulnerability Reference List but not included in Gleg SCADA+ include:

As always, please post your comments or suggestions to improve the usefulness of this information.

Cross-posted from SCADAHacker
