BugTraq
Vulnerabilities in some SCADA server softwares Mar 21 2011 04:16PM
Luigi Auriemma (aluigi autistici org) (1 replies)
The following are almost all the vulnerabilities I found for a quick
experiment some months ago in certain well known server-side SCADA
softwares still vulnerable in this moment.

In case someone doesn't know SCADA (like me before the tests): it's
just one or more softwares (usually a core, a graphical part and a
database) that allow people to monitor and control the various hardware
sensors and mechanisms located in industrial environments like nuclear
plants, refineries, gas pipelines, airports and other less and more
critical fields that go from the energy to the public infrastructures
and obviously also the small "normal" industries.

In technical terms the SCADA software is just the same as any other
software used everyday, so with inputs (in this case they are servers
so the input is the TCP/IP network) and vulnerabilities: stack and heap
overflows, integer overflows, arbitrary commands execution, format
strings, double and arbitrary memory frees, memory corruptions, directory
traversals, design problems and various other bugs.

Full-disclosure advisories and proof-of-concepts:

Siemens Tecnomatix FactoryLink:
http://aluigi.org/adv/factorylink_1-adv.txt
http://aluigi.org/adv/factorylink_2-adv.txt
http://aluigi.org/adv/factorylink_3-adv.txt
http://aluigi.org/adv/factorylink_4-adv.txt
http://aluigi.org/adv/factorylink_5-adv.txt
http://aluigi.org/adv/factorylink_6-adv.txt (DoS only)

Iconics GENESIS32 and GENESIS64:
http://aluigi.org/adv/genesis_1-adv.txt
http://aluigi.org/adv/genesis_2-adv.txt
http://aluigi.org/adv/genesis_3-adv.txt
http://aluigi.org/adv/genesis_4-adv.txt
http://aluigi.org/adv/genesis_5-adv.txt
http://aluigi.org/adv/genesis_6-adv.txt
http://aluigi.org/adv/genesis_7-adv.txt
http://aluigi.org/adv/genesis_8-adv.txt
http://aluigi.org/adv/genesis_9-adv.txt
http://aluigi.org/adv/genesis_10-adv.txt
http://aluigi.org/adv/genesis_11-adv.txt
http://aluigi.org/adv/genesis_12-adv.txt
http://aluigi.org/adv/genesis_13-adv.txt

7-Technologies IGSS (Interactive Graphical SCADA System):
http://aluigi.org/adv/igss_1-adv.txt
http://aluigi.org/adv/igss_2-adv.txt
http://aluigi.org/adv/igss_3-adv.txt
http://aluigi.org/adv/igss_4-adv.txt
http://aluigi.org/adv/igss_5-adv.txt
http://aluigi.org/adv/igss_6-adv.txt
http://aluigi.org/adv/igss_7-adv.txt
http://aluigi.org/adv/igss_8-adv.txt

DATAC RealWin:
http://aluigi.org/adv/realwin_2-adv.txt
http://aluigi.org/adv/realwin_3-adv.txt
http://aluigi.org/adv/realwin_4-adv.txt
http://aluigi.org/adv/realwin_5-adv.txt
http://aluigi.org/adv/realwin_6-adv.txt
http://aluigi.org/adv/realwin_7-adv.txt
http://aluigi.org/adv/realwin_8-adv.txt

---
Luigi Auriemma
http://aluigi.org

[ reply ]
Re: Vulnerabilities in some SCADA server softwares Mar 21 2011 05:11PM
J. Oquendo (sil infiltrated net) (4 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 08:28PM
Pavel Kankovsky (peak argo troja mff cuni cz)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 03:27PM
Kent Borg (kentborg borg org) (1 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 08:10PM
J. Oquendo (sil infiltrated net)
Re: Vulnerabilities in some SCADA server softwares Mar 22 2011 09:24PM
Michal Zalewski (lcamtuf coredump cx) (2 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 02:46PM
R Michael Williams (rmwstealth comcast net) (1 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 04:52PM
Michal Zalewski (lcamtuf coredump cx)
RE: Vulnerabilities in some SCADA server softwares Mar 23 2011 02:43PM
Jim Harrison (Jim isatools org) (1 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 04:54PM
Luigi Auriemma (aluigi autistici org)
Re: Vulnerabilities in some SCADA server softwares Mar 21 2011 08:02PM
Luigi Auriemma (aluigi autistici org)


 

Privacy Statement
Copyright 2010, SecurityFocus