lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4D8914F8.8080009@reversemode.com>
Date: Tue, 22 Mar 2011 22:30:32 +0100
From: Reversemode <advisories@...ersemode.com>
To: bugtraq@...urityfocus.com
Subject: SCADA Trojans: Attacking the Grid + Advantech vulnerabilities

Hi!

You can download the slides of the research I was presenting at
RootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey
into attacking the power grid.

I presented:

- 0days in Advantech/BroadWin WebAccess SCADA product
- Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs
- General attack against EMS Software via State Estimators.


I contacted ICS-CERT to coordinate with Advantech but the vendor denied
having a security flaw. So guys, the exploit I'm releasing does not
exist. All is product of your mind.

Well, indeed WebAccess is full of bugs.

It is a RPC exploit against WebAccess Network Service, port 4592. It
leaks the security code that protects the scada node in addition to
demonstrate RCE on XP. Slighly modifications can be done to support
other systems.

Check the slides, there is more info about the vulns info there.

Download Exploit source code
http://www.reversemode.com/downloads/exploit_advantech.zip

Download Slides [PDF] "SCADA Trojans: Attacking the Grid"
http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf

Regards,
Ruben.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ