Information Security News mailing list archives

0-Day SCADA Exploits Released, Publicly Exposed Servers At Risk


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 19 Sep 2011 03:15:16 -0500 (CDT)

http://www.darkreading.com/blog/231601549/0-day-scada-exploits-released-publicly-exposed-servers-at-risk.html

By John H. Sawyer
Dark Reading
Sep 16, 2011

Luigi Auriemma made news back in March 2011 with the release of 34 zero-day (0-day) SCADA vulnerabilities. This week, he's back in the news with the release of 15 new 0-day advisories, 13 of which affect eight different SCADA products.

SCADA (supervisory control and data acquisition) systems monitor and control devices that can make physical changes in our world. Generally, they refer to systems that manage industrial, infrastructure, and facility processes -- systems where vulnerabilities could have devastating impact.

The advisories published by Luigi include short write-ups on each of the vulnerabilities, as well as proof-of-concept exploit code and examples. The affected products include those from Cogent, DAQFactory, Progea, Carel, and Rockwell, all of which fall under the general umbrella definition of SCADA.

While some of the exploits are more advanced, targeting heap and buffer overflows, others are simple Web directory traversal flaws requiring nothing more than a Web browser to exploit. An attacker can make a request like http://SERVER/..\..\..\..\..\..\boot.ini to the vulnerable Web server and retrieve files outside of the root directory of the Web server. In this example, the attacker can download the Windows boot.ini, which in and of itself is not a big concern, but does serve as good proof of the validity of the vulnerability and shows the ease with which the vulnerability can be exploited.

[...]
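An added example, not part of the original article or of any vendor's code: how a Windows-hosted Web server ends up serving the boot.ini request quoted above, next to a path resolver that refuses it. The document root C:\scada\www, the function names, and the encoded request variants in the demo are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any platform
from urllib.parse import unquote, urlsplit

WEB_ROOT = r"C:\scada\www"  # constructed document root (assumption)


def naive_resolve(url, root=WEB_ROOT):
    """Vulnerable pattern: decode the URL path and append it to the root."""
    path = unquote(urlsplit(url).path)
    return ntpath.normpath(root + path)


def safe_resolve(url, root=WEB_ROOT):
    """Return a path inside root, or None when the request must be refused."""
    path = unquote(urlsplit(url).path)
    if unquote(path) != path:
        return None  # still encoded after one pass: double encoding
    if "\x00" in path or ":" in path:
        return None  # NUL byte, drive letter or alternate data stream
    # Windows accepts both separators, so split on both before checking.
    segments = [s for s in path.replace("\\", "/").split("/")
                if s not in ("", ".")]
    if ".." in segments:
        return None
    candidate = ntpath.normpath(ntpath.join(root, *segments))
    # Containment check on the canonical form, independent of the filters.
    root_norm = ntpath.normcase(ntpath.normpath(root))
    if ntpath.commonpath([root_norm, ntpath.normcase(candidate)]) != root_norm:
        return None
    return candidate


if __name__ == "__main__":
    requests = [  # constructed sample requests
        r"http://SERVER/..\..\..\..\..\..\boot.ini",
        "http://SERVER/..%5C..%5Cboot.ini",
        "http://SERVER/%252e%252e%255cboot.ini",
        "http://SERVER/graphics/pump.svg",
    ]
    for url in requests:
        print(url, "| naive:", naive_resolve(url), "| safe:", safe_resolve(url))
```

The final containment check matters even with the segment filter in place: it is what still holds if a later change to the decoding or splitting logic lets an unexpected form through.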

