Supervisory Control And Data Acquisition, or SCADA, generally refers to the computers that control industrial and infrastructure systems. These include systems found in power plants, nuclear reactors, commercial buildings and more. The last few weeks have seen another serious blow to the perception of SCADA security.
On March 21st, Luigi Auriemma posted to the Full-Disclosure mailing list announcing his research and vulnerability findings in SCADA products from vendors such as Siemens, Iconics, 7-Technologies and DATAC. Auriemma’s post included links to 34 advisories ranging from overflows to denial of service. Due to the sensitive nature of SCADA systems and the resources they control, his research made the news. A day later, Ruben Santamarta (aka reversemode) announced the availability of vulnerability information in SCADA vendors including Advantech/BroadWin and CSE-Semaphore. The next day, US-CERT issued an advisory about a SQL injection vulnerability in Ecava IntegraXor, another SCADA system.
Gleg, a Moscow-based security company, announced that they were updating their recently released Agora SCADA+ vulnerability pack (containing 11 0-day SCADA vulnerabilities) with exploit code for the vulnerabilities disclosed by Auriemma. Gleg’s exploit pack is a drop-in module for Immunity’s CANVAS exploit framework.
Building on Nessus’ ability to scan for vulnerabilities in SCADA systems, Tenable has released 7 new plugins over the last week:
- Movicon TcpUploadServer Data Leakage (remote check)
- Movicon TcpUploadServer Detection
- Movicon < 11.2 Build 1084
- Movicon Detection
- IGSS Data Server Directory Traversal
- 7-Technologies IGSS Detection
- RealWin < 2.1.10 Multiple Packet Type Processing Overflows
Tenable will continue to develop plugins to assist SCADA administrators in securing their networks and is committed to helping our customers test and monitor SCADA devices and control system technologies. Our partner, Digital Bond, has written dozens of Nessus audit policies for a wide variety of control system applications that are available to the general public. In addition, Tenable’s Passive Vulnerability Scanner can be deployed to continuously monitor control systems to detect a wide variety of protocols, applications and vulnerabilities.