ICS-CERT: Industrial Control Systems Cyber Emergency Response Team

Alert (ICS-ALERT-11-230-01)

GLEG Agora SCADA+ Exploit Pack Update 1.4

Original release date: August 18, 2011 | Last revised: January 21, 2014

Legal Notice

All information products included in http://ics-cert.us-cert.gov are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see http://www.us-cert.gov/tlp/.



Summary

The GLEG Agora SCADA+ Exploit Pack is a collection of exploits that specifically target Industrial Control Systems (ICS) products. The inclusion of exploits for vulnerabilities in ICS products increases the ease with which an attacker could exploit these products.

Users of the affected products should reference the ICS-CERT and/or CVE information available in Table 2 and act on the mitigation actions specific to the vulnerability. Users of affected products that have no complete mitigation, such as a patch, should work to implement relevant defensive measures including, but not limited to, defense-in-depth strategies.

ICS-CERT has prepared this Alert to provide a list of the vulnerabilities possibly contained in this exploit pack to foster heightened awareness of these vulnerabilities and available mitigations. Table 1 outlines existing public ICS-CERT products related to the Agora SCADA+ Exploit Pack.

| Release Date | Product Name |
|---|---|
| April 6, 2011 | ICSA-11-096-01 — GLEG Agora SCADA+ Exploit Pack |
| April 21, 2011 | ICS-ALERT-11-111-01 — GLEG Agora SCADA+ Exploit Pack Update 1.1 |

The information contained in this report is neither conclusive nor comprehensive since only a general list is available for the targeted products and exploits, with limited details. The information contained in Table 2 of this Alert represents a cursory and credible snapshot of the vulnerabilities that are likely included in the exploit pack, based on ICS-CERT analysis.

Table 2 below summarizes the possible vulnerabilities for which exploits are available in the Agora SCADA+ Exploit Pack. ICS-CERT has identified 40 potential exploits.

| Vendor | Product | Vulnerability Type | CVE | ICS-CERT Product |
|---|---|---|---|---|
| DATAC | RealWin SCADA 1.06 | Buffer Overflow | CVE-2010-4142 | ICSA-10-313-01 |
| ECAVA | IntegraXor 3.6.4000 | SQL Injection | CVE-2011-1562 | ICSA-11-082-01 |
| ECAVA | IntegraXor | Web directory traversal | CVE-2010-4598 | ICSA-10-362-01 |
| GE | Fanuc Real Time Information Portal 2.6. | File Upload | CVE-2008-0175 | * |
| ICONICS | Dialog Wrapper Module ActiveX control | Buffer Overflow | CVE-2006-6488 | * |
| ICONICS | Genesis32/Genesis64 GenBroker | Denial of Service | Unknown | ICS-ALERT-11-080-02, ICSA-11-108-01 |
| ICONICS | Genesis32/Genesis64 | Multiple | Unknown | ICS-ALERT-11-080-02, ICSA-11-108-01 |
| Indusoft | Web Studio 7.0 | Heap corruption | CVE-2011-0488 | ICSA-10-337-01 |
| Indusoft | Thin Client 7.0 | Buffer Overflow | CVE-2011-0340 | ICSA-11-168-01 |
| ITS | Unknown | SQL Injection | Unknown | |
| Invensys/Wonderware | InFusion ActiveX (and other products) | ActiveX Exploit | CVE-2010-2974 | |
| Modbus | Ethernet OPC Server | Denial of Service | CVE-2010-4709 | ICSA-10-322-02A |
| MOXA | Device Manager Tool 2.1 | Buffer Overflow | CVE-2010-4741 | ICSA-10-301-01 |
| Outlaw Automation | ICSCADA | SQL Injection | Unknown | |
| RealWin | Unknown | Memory Corruption | Unknown | |
| Safenet | Sentinel Protection Server 7.4.1.0; Sentinel Keys Server 1.0.4.0 | Directory Traversal | CVE-2008-0760 | * |

* Vulnerability predates ICS-CERT; therefore, no Advisory was published.


Contact Information

For any questions related to this report, please contact ICS-CERT at:

Email: ics-cert@hq.dhs.gov
Toll Free: 1-877-776-7585
International Callers: (208) 526-0900

For industrial control systems security information and incident reporting: http://ics-cert.us-cert.gov
