ICS Alert

GLEG Agora SCADA+ Exploit Pack Update 1.4

Last Revised
Alert Code
ICS-ALERT-11-230-01

Description

The GLEG Agora SCADA+ Exploit Pack is a collection of exploits that specifically target Industrial Control Systems (ICS) products. This alert provides a list of the vulnerabilities possibly contained in this exploit pack to foster heightened awareness of these vulnerabilities and available mitigations.

Summary

The GLEG Agora SCADA+ Exploit Pack is a collection of exploits that specifically target Industrial Control Systems (ICS) products. The inclusion of exploits for vulnerabilities in ICS products increases the ease with which an attacker could exploit these products.

Users of the affected products should reference the ICS-CERT and/or CVE information available in Table 2 and act on the mitigation actions specific to the vulnerability. Users of affected products that have no complete mitigation, such as a patch, should work to implement relevant defensive measures including but not limited to defense-in-depth strategies.

ICS-CERT has prepared this Alert to provide a list of the vulnerabilities possibly contained in this exploit pack to foster heightened awareness of these vulnerabilities and available mitigations. Table 1 outlines existing public ICS-CERT products related to the Agora SCADA+ Exploit Pack.

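Table 1. Existing public ICS-CERT products related to the Agora SCADA+ Exploit Pack

| Release Date | Product Name |
|---|---|
| April 6, 2011 | ICSA-11-096-01 — GLEG Agora SCADA+ Exploit Pack |
| April 21, 2011 | ICS-ALERT-11-111-01 — GLEG Agora SCADA+ Exploit Pack Update 1.1 |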

The information contained in this report is neither conclusive nor comprehensive since only a general list is available for the targeted products and exploits, with limited details. The information contained in Table 2 of this Alert represents a cursory and credible snapshot of the vulnerabilities that are likely included in the exploit pack, based on ICS-CERT analysis.

Table 2 below summarizes the possible vulnerabilities for which exploits are available in the Agora SCADA+ Exploit Pack. ICS-CERT has identified 40 potential exploits.

Table 2. Possible vulnerabilities with exploits in the Agora SCADA+ Exploit Pack

| Vendor | Product | Vulnerability Type | CVE | ICS-CERT Product |
|---|---|---|---|---|
| DATAC | RealWin SCADA 1.06 | Buffer Overflow | CVE-2010-4142 | ICSA-10-313-01 |
| ECAVA | IntegraXor 3.6.4000 | SQL Injection | CVE-2011-1562 | ICSA-11-082-01 |
| ECAVA | IntegraXor | Web directory traversal | CVE-2010-4598 | ICSA-10-362-01 |
| GE | Fanuc Real Time Information Portal 2.6. | File Upload | CVE-2008-0175 | * |
| ICONICS | Dialog Wrapper Module ActiveX control | Buffer Overflow | CVE-2006-6488 | * |
| ICONICS | Genesis32/Genesis64 GenBroker | Denial of Service | Unknown | ICS-ALERT-11-080-02, ICSA-11-108-01 |
| ICONICS | Genesis32/Genesis64 | Multiple | Unknown | ICS-ALERT-11-080-02, ICSA-11-108-01 |
| Indusoft | Web Studio 7.0 | Heap corruption | CVE-2011-0488 | ICSA-10-337-01 |
| Indusoft | Thin Client 7.0 | Buffer Overflow | CVE-2011-0340 | ICSA-11-168-01 |
| ITS | Unknown | SQL Injection | Unknown | |
| Invensys/Wonderware | InFusion ActiveX (and other products) | ActiveX Exploit | CVE-2010-2974 | |
| Modbus | Ethernet OPC Server | Denial of Service | CVE-2010-4709 | ICSA-10-322-02A |
| MOXA | Device Manager Tool 2.1 | Buffer Overflow | CVE-2010-4741 | ICSA-10-301-01 |
| Outlaw Automation | ICSCADA | SQL Injection | Unknown | |
| RealWin | Unknown | Memory Corruption | Unknown | |
| Safenet | Sentinel Protection Server 7.4.1.0; Sentinel Keys Server 1.0.4.0 | Directory Traversal | CVE-2008-0760 | * |

* Vulnerability predates ICS-CERT; therefore, no Advisory was published.
