E-SPIN McAfee Application Data Monitor Product Overview
0
/ Published in Brand, Immunity, Product

SCADA+ Exploitation Pack for CANVAS

Due to the product continuous update in nature, so we prepare this post for those who interest to know what is include inside. Latest update will be show on the top, while older update will be auto show below. This post will keep update and the post date will follow the latest date, so it will show one post date, rather than multiple post for hassle free reading in one post. This post is about CANVAS Exploitation Pack (CEP) SCADA+, it need to be use with CANVAS Exploitation Testing Framework. SCADA+ Exploitation Pack for CANVAS is a must for those conduct exploitation testing and security assessment on SCADA/ICS. Feel free to contact E-SPIN for product and related matters.

SCADA+ Exploitation Pack for CANVAS Product Overview

One of the current trends in exploitation is targeting SCADA systems (Stuxnet). The SCADA+ pack speaks to this new trend by providing its customers with exploits for both public vulnerabilities and 0day vulnerabilities in SCADA systems. If you serve an industry that does any type of automation, the SCADA+ pack should be on your radar for running the most realistic attack scenarios and penetration tests for your customers. Attackers are very interested in your clients’ SCADA systems, you have to be too. This is an attempt to collect ALL publicly available SCADA vulnerabilities in one exploit Pack. SCADA and related vulnerabilities are very special due to their sensitive nature and possible huge impact involved to successfull exploitation. SCADA Systems are also “hard to patch”, so even old vulnerabilities are actual.

The SCADA+ Pack features:

    • Growing value ~350 exploits currently

Due to low real systems patch rank exploits are actual for a longer time

    • We try to cover most of the public SCADA vulns!

Including old and newly discovered bugs

    • 0 Days for SCADA

We conduct our own in depth research

    • Focused on Industrial software & hardware environment

Not only SCADA, but also Industrial PCs, smart chips and industrial protocols are reviewed.

    • Weak points analyses

Many industrial things suffer from weaknesses like hardcoded password and etc.

2020-Feb-29 1.99 SCADA Pack:

  • ThingsBoard 2.4.1 Remote Code Execution. [1Day]
  • Mitsubishi Electric smartRTU INEA ME-RTU Unauthenticated Configuration Download. CVE-2019-14927
  •  InTouch Edge HMI v8.1 MobileAccessTask DoS. [1Day]

2020-Jan-28 1.98 SCADA Pack:

  • MajorDoMo 1.2.0b Information Disclosure , SQLis… two [1Days] – ScadaLTS 1.1 Arbitrary File Upload/Remote Code Execution [1Day]

2019-Dec-31 1.97 SCADA pack:

  • Omron PLC 1.0.0 – Denial of Service. public
  •  MajorDoMo 1.2.0b – three nice exploits including RCE. [1Day]s

2019-Dec-5 1.96 SCADA pack:

  • Siemens SICAM A8000 Series Unauthenticated Remote Denial of Service. CVE-2018-13798
  • NetHome 3.0-6ae52 Arbitrary File Upload. [1Day]
  • LabCollector 5.423 – SQL Injection. public

2019-Nov-1 1.95 SCADA Pack:

  • RapidSCADA 5.7.0 ScadaServer – Directory Traversal. [1Day]
  • VxWorks TCP Urgent pointer = 0 integer underflow vulnerability. CVE-2019-12255
  • BACnet Stack 0.8.6 Denial of Service vulnerability. CVE-2019-12480

2019-Sep-29 1.94 SCADA Pack:

  •  FANUC Robotics Virtual Robot Controller. CVE-2019-13584
  • IntegraXor 8 Stable SCADA Remote Denial of Service [1Day]
  • XISOM X-Scada Directory Traversal [1Day]
  • FESTO Designer Studio DirTrav [1Day]

2019-Sep-1 1.93 SCADA pack:

  • ScadaLTS 1.1 XSS. [1Day]
  • ScadaLTS 1.1 Arbitrary File Upload/Remote Code Execution [1Day]
  • Loytec LGATE-902 Path traversal. CVE-2018-14918
  • AGG Software Web Server Plugin Directory Traversal. [1Day]

2019-Aug-10 1.92 SCADA Pack:

– ag_WellinTech_KingSCADA_stack_overflow – WellinTech KingSCADA stack-based buffer overflow Denial of Service. public
– ag_Newport_Electronics_iDRN_iDRX_Signal_Conditioners – Newport Electronics iDRN-iDRX Signal Conditioners ActiveX Control Remote File Overwrite Vulnerability.  [1Day]
– ag_lsis_XPServiceController_dos  – LSIS XP-Server XPServiceController Denial Of Service.  [1Day]
– ag_Cogent_DataHub_8x_DoS – Cogent Datahub 8.0.x Denial of Service.  [1Day]

2019-Jul-23 1.91 ver. of SCADA+ contains 4 modules. List:

– AGG Software OPC HTTP Gateway Premium Directory Traversal [1Day] – AGG Software OPC Scada Viewer Directory Traversal [1Day] – Inductive Automation Ignition 7.6.4 XXE [1Day] – Inductive Automation Ignition 7.5.4 XML External Entity [1Day]

2019-Jun-3 1.90 ver. of SCADA+ contains 3 modules. List:

– SpiderControl 6.50.00 SCADA Editor Directory Traversal Vulnerability [1Day]
– ScadaLTS 1.1 SQL Injection  [1Day] – Prosoft RadioLinx ControlScape FH ActiveX Remote Code Execution Vulnerability [1Day]

2019-May-21 1.89 ver. of SCADA+ contains 4 modules. List:

– WAGO PFC200 PLC series Denial Of Service. [CVE-2018-8836]
–  file upload and exec for Advantech webaccess [1Day]
– attacker can retrieve and delete arbitrary files from target [1Day]
– ICPDAS eLogger Arbitrary File Upload [1Day]
2019-Apr-2 1.88 SCADA+ :
– Inductive Automation Ignition 7.5.4 Blind SQL Injection. [1Day] – LeCroy LabWindows/CVI, LabVIEW, and other products ActiveX RCE. [1Day] – Newport Electronics iDRX ActiveX unsafe method [1Day] – Delta Industrial Automation COMMGR RCE. CVE-2018-10594
and more
2019-Feb-28 1.87 SCADA+ :
– Tibbo AggreGate SCADA DoS [1Day] – Advantech WebAccess blind SQL injection + arbitrary files read from target [1Day] – QuickHMI Server v3 Antelope Denial of Service [1Day] – Reliance 4 Control Server Denial of Service [1Day]
2019-Jan-28 1.86 SCADA+ 4 public vulns covered:
– Century Star SCADA httpsvr infoleak
– Schneider Electric InduSoft Web Studio and InTouch Machine Edition – DoS
– Siemens SCALANCE S613 – Remote DoS.
– Siemens SIMATIC S7-1500 CPU – Remote DoS
2018-Dec-26 1.85 ver. of SCADA+ contains 4 modules. List:
– IGSS Arbitrary File Disclosure. [1Day]
– Advantech webaccess exec –  remote users can upload and execute malicious .aspx file. [1Day]
– CyBroHttpServer Directory Traversal. [1Day]
– DataRate v4.1 fake project file allows for Code Execution. [1Day]
2018-Dec-12 1.84 ver. of SCADA+ contains 5 modules. List:
– ESA-Automation Crew Webserver Directory Traveral [1Day]
– Loytec LWEB-900 Directory Traversal [1Day]
– Visu RCE [1Day]
– WinTr v.5.52 trojan project generation. Code Execution [1Day]

– WinTr Scada Hardcoded Credentials + Directory Traversal. [1Day]

2018-Oct-26

1.83 ver. of Scada+ contains 5 modules. List:
– VBASE VOKSERVER Info Disclosure. [1Day]
– Do-more Designer Programming Software Emulator Denial of Service. [1Day]
– GP-Pro EX HMI WinGP Runtime Arbitrary File Disclosure. [1Day]
– GP-Pro EX HMI WinGP Runtime Arbitrary File Upload. [1Day]
– KOYO C-more Programming Software Emulator Denial of Service. [1Day]

2018-Sep-26

1.82 ver. of Scada+ contains 8 modules. List:
– Delta Industrial Automation Robot DRAStudio Arbitrary File Disclosure. [1Day]
– Delta Industrial Automation Robot DRAStudio Arbitrary File Upload. [1Day]
– Infrasightlabs vScopeServer Privilege Escalation. [1Day]
– Piltz PASvisu Arbitrary File Upload. [1Day]
– Productivity Suite Programming Software v3.0.1.1 – Code Execution. [1Day]
– Reliance4 SCADA Control Server Denial of Service. [1Day]
– Simple-Scada 2 Directory Traversal and file Delete. [1Day]
– WebPort BSQLi Privilege Escalation. [1Day]

2018-Aug-29 v1.81 1.81 Scada+ 8 exploits:

– LSIS wXP RCE, DoSes.- three [1Day] exploits
– Cogent Datahub 7.3.x DoS [1Day] – Cogent DataHub Log Poisoning RCE. [1Day] – CX-Supervisor v.3.41 – Code Exec[1Day] – IntegraXor Remote Project Management. [1Day] – logi.cals logi.RTS infoleak. [1Day]

2018-Jul-30 v1.80 1.80 SCADA+ contains 8 [1Day]s ! :

– S3 Scada Remote Runtime Stop
– Advantech WebAccess(8.3)
– 3 exploits (infoleaks + file upload)!
– IntegraXor SCADA – 2 exploits! (Infoleak + filedamage) – MyScada MyPRO RCE Day] – Remote Osciloscope DoS [1Day]

2018-Jun-25 v1.79 1.79 Scada+:

– Atvise Arbitrary File Disclosure [1Day] – Atvise Privilege Escalation [1Day] – Atvise Remote Project Management [1Day] – Cogent Datahub Blind SQLi [1Day] – Piltz PASvisu DoS [1Day] – WinPLC7 Webserver Arbitrary File Disclosure [1Day]

2018-May-28 v1.78 1.78 Scada+ contains 2 modules which were added previously to ZDA (marked 1Day ) and more:

– S3 Scada QNX Remote Command Execution [1-Day] – Moxa MX-AOPC UA Server File Corrupt or DoS [1-Day] – Siemens Sicam PAS < 8.0 Hardcode RCE [CVE-2016-8567]

2018-Apr-25  v1.77 1.77 Scada+ List:

– Dream Report RCE [0-Day] – Loytec L-Studio RCE [0-Day] – WebPort info leakage [0-Day] – SearchBlox v8.3 Unauthenticated Config Altering [0-Day] – UltiDev Cassini Web Server for ASP.NET 2.0 info leakage [0-Day]

2018-Mar-27 v1.76 1.76 Scada+ :

– Advantech WebAccess(8.3) Dashboard Viewer Info Disclosure [0-Day] – Mango Automation File Upload RCE [0-Day] – Citect Nexa Monitoring 6.10 – Code Exec [0-Day] – Industrial Energy Management System DIAEnergie Information Disclosure

2018-Feb-28 v1.75 v1.75 Scada+:

– UCanCode ActiveX [0-Day] – LAquis SCADA infoleak [0-Day] – Ecava IntegraXor Code Exec
– Automated Logic WebCTRL 6.1 . CVE-2017-9650

2018-Jan-27 v1.74 1.74 Scada+ four! [0-Day]`s. :

– Reliance 4 SCADA Code Execution Vulnerability 0-Day
– AutomationDirect Point Of View Remote Code Execution Vulnerability 0-Day
– KingView SCADA 7.5 Directory Traversal 0-Day
– Eaton ELCSoft ELCSimulator Stack-based Buffer Overflow 0-Day

 

Tagged under: , , , , , ,

What you can read next

E-SPIN Core Access Insight Product Overview
RSA IT & Security Risk Management Product Overview by E-SPIN
Cascade Pilot PE (formerly Cace Pilot) Technical Live Demo Video by E-SPIN
Mobile Application Development Platform (MADP) Product Overview by E-SPIN
McAfee Server Security Suite Advance Product Overview by E-SPIN

Leave a Reply

Your email address will not be published. Required fields are marked *