Thursday, April 7, 2011

New ICS-CERT Publications

Yesterday the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published links to two new ICS advisories and a new monthly newsletter. One advisory provides further updated information on the Siemens FactoryLink vulnerabilities reported last month by Luigi. The second advisory provides more information on the recently released Agora SCADA+ Exploit Pack.

ICS-CERT Monthly Monitor

It looks like ICS-CERT is trying to establish a monthly newsletter to provide the control system community to keep up to date on what’s going on in the security arena. The April edition of the Monthly Monitor provides an interesting summary of events that have been going on over the last few months including a list of released alerts and advisories.

There is an interesting summary of some investigations that the teams have undertaken at some water treatment facilities (the summaries have been combined and scrubbed to remove any juicy (revealing) details. The ‘lessons learned’ section doesn’t provide any real new information, but it does emphasize some important control system security issues.

If ICS-CERT keeps up this level of quality on these monthly newsletters, they will become an important part of the ICS security literature that should be reviewed by everyone working with and/or managing control system security. I would like to suggest that DHS consider establishing a subscription based email distribution of these newsletters. It would be well worth the effort.

FactoryLink Advisory Update

The updated advisory on the Siemens FactoryLink vulnerability provides confirmation by ICS-CERT that the patch provided by Siemens does adequately correct the previously identified vulnerabilities.

Agora SCADA+ Exploit Pack

The advisory on the Gleg Agora SCADA+ Exploit Pack for the Canvas system is an interesting summary on this package of adaptations of a large number of industrial control system vulnerabilities and exploits for use in penetration testing. There has been some discussion about this package in a number of control system security blogs. The new information here is a summary of the known vulnerabilities that ICS-CERT believes to be included in the latest update of SCADA+.

The advisory also notes that it appears that there may be five previously unidentified (0-Day) vulnerabilities include. Apparently there are not enough technical details about these vulnerabilities provided to ICS-CERT to allow them to completely verify their status.

ICS-CERT is careful to explain that this is a preliminary report, noting:

“Please note that at this time, the information contained in this report is not conclusive, nor is it comprehensive. This report represents a cursory and credible snapshot of the vulnerabilities that are likely contained in the pack, based on the analysis conducted by ICS-CERT.”

No comments:

/* Use this with templates/template-twocol.html */