GLEG Agora SCADA+ Exploit Pack Update 1.4
Description
GLEG Agora SCADA+ Exploit pack is a collection of exploits that specifically target Industrial Control Systems (ICS) products. This alert provides a list of the vulnerabilities possibly contained in this exploit pack to foster heightened awareness of these vulnerabilities and available mitigations. table.gridtable { font-family: verdana,arial,sans-serif; font-size:11px; color:#333333; border-width: 1px; border-color: #666666; border-collapse: collapse; } table.gridtable th { border-width: 1px; padding: 8px; border-style: solid; border-color: #666666; background-color: #dedede; } table.gridtable td { border-width: 1px; padding: 8px; border-style: solid; border-color: #666666; background-color: #ffffff; }
Summary
The GLEG Agora SCADA+ Exploit pack is a collection of exploits that specifically target Industrial Control Systems (ICS) products. The inclusion of exploits for vulnerabilities in ICS products increases the ease with which an attacker could exploit these products.
Users of the affected products should reference the ICS-CERT and/or CVE information available in Table 2 and act on the mitigation actions specific to the vulnerability. Users of affected products that have no complete mitigation, such as a patch, should work to implement relevant defensive measures including but not limited to defense in depth strategies.
ICS-CERT has prepared this Alert to provide a list of the vulnerabilities possibly contained in this exploit pack to foster heightened awareness of these vulnerabilities and available mitigations. Table 1 outlines existing public ICS-CERT products related to the Agora SCADA+ Exploit Pack.
| Release Date | Product Name |
|---|---|
| April 6, 2011 | ICSA-11-096-01— GLEG Agora SCADA+ Exploit Pack |
| April 21, 2011 | ICS-ALERT-11-111-01—GLEG Agora SCADA+ Exploit Pack Update 1.1 |
The information contained in this report is neither conclusive nor comprehensive since only a general list is available for the targeted products and exploits, with limited details. The information contained in Table 2 of this Alert represents a cursory and credible snapshot of the vulnerabilities that are likely included in the exploit pack, based on ICS-CERT analysis.
Table 2 below summarizes the possible vulnerabilities for which exploits are available in the Agora SCADA+ Exploit. ICS-CERT has identified 40 potential exploits.
| Vendor | Product | Vulnerability Type | CVE | ICS-CERT Product |
|---|---|---|---|---|
| DATAC | RealWin SCADA 1.06 |
Buffer Overflow | CVE-2010- 4142 |
ICSA-10-313-01 |
| ECAVA | IntegraXor 3.6.4000 | SQL Injection | CVE-2011- 1562 |
ICSA-11-082-01 |
| ECAVA | IntegraXor | Web directory traversal |
CVE-2010- 4598 |
ICSA-10-362-01 |
| GE | Fanuc Real Time Information Portal 2.6. |
File Upload | CVE-2008- 0175 |
* |
| ICONICS | Dialog Wrapper Module ActiveX control |
Buffer Overflow | CVE-2006- 6488 |
* |
| ICONICS | Genesis32/Genesis64 GenBroker |
Denial of Service | Unknown |
ICS-ALERT-11- ICSA-11-108-01 |
| ICONICS | Genesis32/Genesis64 | Multiple | Unknown |
ICS-ALERT-11- ICSA-11-108-01 |
| Indusoft | Web Studio 7.0 | Heap corruption | CVE-2011- 0488 |
ICSA-10-337-01 |
| Indusoft | Thin Client 7.0 | Buffer Overflow | CVE-2011- 0340 |
ICSA-11-168-01 |
| ITS | Unknown | SQL Injection | Unknown | |
| Invensys/Wonderware | InFusion ActiveX (and other products) |
ActiveX Exploit | CVE-2010- 2974 |
|
| Modbus | Ethernet OPC Server | Denial of Service | CVE-2010- 4709 |
ICSA-10-322-02A |
| MOXA | Device Manager Tool 2.1 |
Buffer Overflow | CVE-2010- 4741 |
ICSA-10-301-01 |
| Outlaw Automation | ICSCADA | SQL Injection | Unknown | |
| RealWin | Unknown | Memory Corruption | Unknown | |
| Safenet |
Sentinel Protection Sentinel Keys Server 1.0.4.0 |
Directory Traversal | CVE-2008- 0760 |
* |
* Vulnerability predates ICS-CERT; therefore, no Advisory was published.
This product is provided subject to this Notification and this Privacy & Use policy.
Vendor
- Other