SCADA+ Exploitation Pack for CANVAS

SCADA+ Exploitation Pack for CANVAS. Due to the product continuous update in nature, so we prepare this post for those who interest to know what is include inside. Latest update will be show on the top, while older update will be auto show below. This post will keep update and the post date will follow the latest date, so it will show one post date, rather than multiple post for hassle free reading in one post. This post is about CANVAS Exploitation Pack (CEP) SCADA+, it need to be use with CANVAS Exploitation Testing Framework. SCADA+ Exploitation Pack for CANVAS is a must for those conduct exploitation testing and security assessment on SCADA/ICS. Feel free to contact E-SPIN for product and related matters.

SCADA+ Exploitation Pack for CANVAS Product Overview

One of the current trends in exploitation is targeting SCADA systems (Stuxnet). The SCADA+ pack speaks to this new trend by providing its customers with exploits for both public vulnerabilities and 0day vulnerabilities in SCADA systems. If you serve an industry that does any type of automation, the SCADA+ pack should be on your radar for running the most realistic attack scenarios and penetration tests for your customers. Attackers are very interested in your clients’ SCADA systems, you have to be too. This is an attempt to collect ALL publicly available SCADA vulnerabilities in one exploit Pack. SCADA and related vulnerabilities are very special due to their sensitive nature and possible huge impact involved to successfull exploitation. SCADA Systems are also “hard to patch”, so even old vulnerabilities are actual.

The SCADA+ Pack features:

• • Growing value ~350 exploits currently

Due to low real systems patch rank exploits are actual for a longer time

• • We try to cover most of the public SCADA vulns!

Including old and newly discovered bugs

• • 0 Days for SCADA

We conduct our own in depth research

• • Focused on Industrial software & hardware environment

Not only SCADA, but also Industrial PCs, smart chips and industrial protocols are reviewed.

• • Weak points analyses

Many industrial things suffer from weaknesses like hardcoded password and etc.

2020-Feb-29 1.99 SCADA Pack:

– ThingsBoard 2.4.1 Remote Code Execution. [1Day]

– Mitsubishi Electric smartRTU INEA ME-RTU Unauthenticated Configuration Download. CVE-2019-14927

– InTouch Edge HMI v8.1 MobileAccessTask DoS. [1Day]

2020-Jan-28 1.98 SCADA Pack:

– MajorDoMo 1.2.0b Information Disclosure , SQLis… two [1Days] – ScadaLTS 1.1 Arbitrary File Upload/Remote Code Execution [1Day]

2019-Dec-31 1.97 SCADA pack:

– Omron PLC 1.0.0 – Denial of Service. public

– MajorDoMo 1.2.0b – three nice exploits including RCE. [1Day]s

2019-Dec-5 1.96 SCADA pack:

– Siemens SICAM A8000 Series Unauthenticated Remote Denial of Service. CVE-2018-13798

– NetHome 3.0-6ae52 Arbitrary File Upload. [1Day]

– LabCollector 5.423 – SQL Injection. public

2019-Nov-1 1.95 SCADA Pack:

– RapidSCADA 5.7.0 ScadaServer – Directory Traversal. [1Day] – VxWorks TCP Urgent pointer = 0 integer underflow vulnerability. CVE-2019-12255
– BACnet Stack 0.8.6 Denial of Service vulnerability. CVE-2019-12480

2019-Sep-29 1.94 SCADA Pack:

– FANUC Robotics Virtual Robot Controller. CVE-2019-13584
– IntegraXor 8 Stable SCADA Remote Denial of Service [1Day] – XISOM X-Scada Directory Traversal [1Day] – FESTO Designer Studio DirTrav [1Day]

2019-Sep-1 1.93 SCADA pack:

– ScadaLTS 1.1 XSS. [1Day] – ScadaLTS 1.1 Arbitrary File Upload/Remote Code Execution [1Day] – Loytec LGATE-902 Path traversal. CVE-2018-14918
– AGG Software Web Server Plugin Directory Traversal. [1Day]

2019-Aug-10 1.92 SCADA Pack:

2019-Jul-23 1.91 ver. of SCADA+ contains 4 modules. List:

2019-Jun-3 1.90 ver. of SCADA+ contains 3 modules. List:

2019-May-21 1.89 ver. of SCADA+ contains 4 modules. List:

2018-Aug-29 v1.81 1.81 Scada+ 8 exploits:

– LSIS wXP RCE, DoSes.- three [1Day] exploits
– Cogent Datahub 7.3.x DoS [1Day] – Cogent DataHub Log Poisoning RCE. [1Day] – CX-Supervisor v.3.41 – Code Exec[1Day] – IntegraXor Remote Project Management. [1Day] – logi.cals logi.RTS infoleak. [1Day]

2018-Jul-30 v1.80 1.80 SCADA+ contains 8 [1Day]s ! :

– S3 Scada Remote Runtime Stop
– Advantech WebAccess(8.3)
– 3 exploits (infoleaks + file upload)!
– IntegraXor SCADA – 2 exploits! (Infoleak + filedamage) – MyScada MyPRO RCE Day] – Remote Osciloscope DoS [1Day]

2018-Jun-25 v1.79 1.79 Scada+:

– Atvise Arbitrary File Disclosure [1Day] – Atvise Privilege Escalation [1Day] – Atvise Remote Project Management [1Day] – Cogent Datahub Blind SQLi [1Day] – Piltz PASvisu DoS [1Day] – WinPLC7 Webserver Arbitrary File Disclosure [1Day]

2018-May-28 v1.78 1.78 Scada+ contains 2 modules which were added previously to ZDA (marked 1Day ) and more:

– S3 Scada QNX Remote Command Execution [1-Day] – Moxa MX-AOPC UA Server File Corrupt or DoS [1-Day] – Siemens Sicam PAS < 8.0 Hardcode RCE [CVE-2016-8567]

2018-Apr-25  v1.77 1.77 Scada+ List:

– Dream Report RCE [0-Day] – Loytec L-Studio RCE [0-Day] – WebPort info leakage [0-Day] – SearchBlox v8.3 Unauthenticated Config Altering [0-Day] – UltiDev Cassini Web Server for http://ASP.NET  2.0 info leakage [0-Day]

2018-Mar-27 v1.76 1.76 Scada+ :

– Advantech WebAccess(8.3) Dashboard Viewer Info Disclosure [0-Day] – Mango Automation File Upload RCE [0-Day] – Citect Nexa Monitoring 6.10 – Code Exec [0-Day] – Industrial Energy Management System DIAEnergie Information Disclosure

2018-Feb-28 v1.75 v1.75 Scada+:

– UCanCode ActiveX [0-Day] – LAquis SCADA infoleak [0-Day] – Ecava IntegraXor Code Exec
– Automated Logic WebCTRL 6.1 . CVE-2017-9650

2018-Jan-27 v1.74 1.74 Scada+ four! [0-Day]`s. :

– Reliance 4 SCADA Code Execution Vulnerability 0-Day
– AutomationDirect Point Of View Remote Code Execution Vulnerability 0-Day
– KingView SCADA 7.5 Directory Traversal 0-Day
– Eaton ELCSoft ELCSimulator Stack-based Buffer Overflow 0-Day