| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Mar 2011 22:30:32 +0100 From: Reversemode <advisories@...ersemode.com> To: bugtraq@...urityfocus.com Subject: SCADA Trojans: Attacking the Grid + Advantech vulnerabilities Hi! You can download the slides of the research I was presenting at RootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey into attacking the power grid. I presented: - 0days in Advantech/BroadWin WebAccess SCADA product - Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs - General attack against EMS Software via State Estimators. I contacted ICS-CERT to coordinate with Advantech but the vendor denied having a security flaw. So guys, the exploit I'm releasing does not exist. All is product of your mind. Well, indeed WebAccess is full of bugs. It is a RPC exploit against WebAccess Network Service, port 4592. It leaks the security code that protects the scada node in addition to demonstrate RCE on XP. Slighly modifications can be done to support other systems. Check the slides, there is more info about the vulns info there. Download Exploit source code http://www.reversemode.com/downloads/exploit_advantech.zip Download Slides [PDF] "SCADA Trojans: Attacking the Grid" http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf Regards, Ruben.
Powered by blists - more mailing lists