Friday, August 19, 2011

New ICS-CERT Alert on GLEG Agora SCADA+

Yesterday the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published a new alert on the GLEG Agora SCADA+ Exploit pack. This Alert addresses release 1.4. ICS-CERT has addressed two earlier versions of the Agora SCADA+ Exploit Pack (ICSA-11-096-01 and ICS-ALERT-11-111-01). Readers will probably remember that the Agora SCADA+ Exploit Pack is an add-on for Immunity’s CANVAS system and is produced the Russian research group GLEG. The CANVAS system is an automated exploit system similar to Metasploit designed for use by penetration testers and security researchers.

According to ICS-CERTs analysis of the latest version there are 40 vulnerability exploits included in the exploit pack; most of which have been addressed by ICS-CERT alerts or advisories. Six of the vulnerabilities were publicly identified before the formation of ICS-CERT so there were no alerts or advisories for those vulnerabilities; there are CERT/NIST CVE records identified for each of these.

There are apparently 13 previously-unidentified vulnerabilities included in the list. ICS-CERT has not been able to provide any significant details on these vulnerabilities. Nor is it apparently willing and/or able to ‘confirm’ their existence. The systems potentially affected include:

• Beckhoff, TwinCAT ENI Server;

• Broadwin/Advantech, WebAccess (3);

• CACHE, Database (2);

• CodeSys, ENI Server v.;

• ITS, Unknown;

• Outlaw Automation, ICSADA;

• RealWin, Unknown;

• Trace Mode, Data Center; and

• Wintr, Unknown (2).

No comments:

/* Use this with templates/template-twocol.html */