More SCADA Vulnerabilities Hit Industry

Wednesday, September 14, 2011 @ 08:09 PM gHale


SCADA vulnerabilities continue to surge as Italian security researcher Luigi Auriemma found holes in six different systems.

Affected vendors range from Rockwell Automation to Beckhoff.

The vulnerabilities include:
• AzeoTech DAQFactory Stack Overflow
• Beckhoff TwinCAT ‘TCATSysSrv.exe’ Network Packet Denial of Service Vulnerability
• Cogent DataHub Multiple Vulnerabilities
• Measuresoft ScadaPro Multiple Vulnerabilities
• Progea Movicon Multiple Vulnerabilities
• Rockwell RSLogix Overflow Vulnerability

All of the vulnerabilities came with proof-of-concept (PoC) code that exploits them. They range from denial of service (DoS), to information disclosure, to complete remote code execution.


The full advisories are available on Auriemma's web site.

Here is a breakdown on the individual vulnerabilities from ICS-CERT:

  • There is a vulnerability with PoC exploit code affecting Beckhoff TwinCAT, a SCADA/HMI product. Services running on Port 48899/UDP are vulnerable, according to the report. The report was released without coordination with either the vendor or ICS-CERT.
    ICS-CERT has not yet verified the vulnerabilities or PoC code, but has reached out to the affected vendor to notify, confirm, and identify mitigations.
    Beckhoff TwinCAT is a software system capable of controlling multiple programmable logic controllers in a system. It sees use in industries including manufacturing, energy, water and wastewater, and building automation. Beckhoff is headquartered in Verl, Germany.
  • There is an overflow vulnerability with PoC exploit code affecting Rockwell RSLogix 19. Services running on Port 4446 are vulnerable to a memory overflow, according to the report. The report was released without coordination with either the vendor or ICS-CERT.
    ICS-CERT has not yet verified the vulnerabilities or PoC code, but reached out to the affected vendor to notify, confirm, and identify mitigations.
    Rockwell Automation provides industrial automation control and information products worldwide, across a wide range of industries.
    The Rockwell RSLogix family is a group of ladder logic programming packages that operates on Microsoft Windows operating systems. RSLogix 5 supports the Allen-Bradley PLC-5 family of programmable controllers.
  • There are multiple vulnerabilities with PoC exploit code affecting Measuresoft ScadaPro. The vulnerabilities are remotely exploitable through Port 11234/UDP, according to the report. The report was released without coordination with either the vendor or ICS-CERT.
    ICS-CERT reached out to the affected vendor to notify, confirm, and identify mitigations.
    ScadaPro is a supervisory control and data acquisition (SCADA) system used in power generation, oil and gas, pharmaceuticals, and manufacturing. Measuresoft Development Ltd. has headquarters in Louth, Ireland with an office in Missouri City, Texas.
  • There are four vulnerabilities with PoC exploit code affecting Cogent DataHub. The vulnerabilities are remotely exploitable through the following ports:
      - Stack overflow, remote: Ports 4052 and 4053
      - Integer overflow, remote: Port 80
      - Directory traversal, remote: Port 80
      - Information exposure, remote: Port 80
    ICS-CERT reached out to the affected vendor to notify, confirm, and identify mitigations.
    Cogent DataHub is SCADA management software that sees use in industries including manufacturing, energy, financial services, and pharmaceuticals.
  • There is one stack overflow vulnerability with PoC exploit code affecting AzeoTech DAQFactory, a SCADA/HMI product. The vulnerability is exploitable via a service running on Port 20034/UDP, according to the report. The report was released without coordination with either the vendor or ICS-CERT.
    ICS-CERT reached out to the affected vendor to notify, confirm, and identify mitigations.
    DAQFactory is a supervisory control and data acquisition (SCADA) and human-machine interface (HMI) software used in multiple industries including water, power, and manufacturing. DAQFactory installations are primarily located in the United States and Europe.
  • There are three vulnerabilities with PoC exploit code affecting Progea Movicon PowerHMI Version 11, a SCADA/HMI product. The report was released without coordination with either the vendor or ICS-CERT.
    ICS-CERT reached out to the affected vendor to notify, confirm, and identify mitigations.
    Movicon 11 is an HMI (Human Machine Interface) development system that uses a web-enabled architecture based on Java, including drivers for programmable logic controllers (PLCs). PowerHMI Version 11 is based on SCADA HMI Movicon Version 11.
    Movicon sees use primarily in Italy, with a small percentage of installations in other European countries.
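Until the vendors confirm fixes, the practical mitigation for every item above is the same: make sure the listed ports are reachable only from the engineering network. The script below is an added example written for this article, not code from ICS-CERT, Auriemma or any of the vendors. It takes the port-to-product pairs from the breakdown above and flags firewall log entries that reach those ports from outside a trusted subnet. The key=value log format, the trusted subnet 10.10.0.0/16 and the sample lines are constructed for illustration; where the report did not state the transport (RSLogix 4446, DataHub 4052/4053) the script matches both TCP and UDP, which is an assumption, and DataHub's Port 80 is left out because plain HTTP cannot be told apart from other web traffic without an asset inventory.

```python
"""Flag firewall log lines that reach the ICS services named in the
ICS-CERT breakdown above from outside the engineering network.

Added example, not from the article, ICS-CERT or the vendors. The log
format, the trusted subnet and the sample lines are constructed.
"""
import ipaddress
from collections import namedtuple

# (transport, port) -> affected product, from the breakdown above.
# "udp" is used where the report said so; "any" marks ports where the
# page did not state the transport, so both TCP and UDP match (assumption).
# Cogent DataHub's Port 80 is deliberately omitted (see lead-in).
VULNERABLE_SERVICES = {
    ("udp", 48899): "Beckhoff TwinCAT",
    ("any", 4446): "Rockwell RSLogix",
    ("udp", 11234): "Measuresoft ScadaPro",
    ("any", 4052): "Cogent DataHub",
    ("any", 4053): "Cogent DataHub",
    ("udp", 20034): "AzeoTech DAQFactory",
}

# Hypothetical engineering/ICS subnet; every other source is untrusted.
TRUSTED_NETS = [ipaddress.ip_network("10.10.0.0/16")]

Alert = namedtuple("Alert", "src dst proto port product action")


def parse_line(line):
    """Parse one constructed key=value firewall log line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


def lookup_service(proto, port):
    """Return the affected product for (proto, port), honouring the
    transport where the report specified it, else None."""
    return (VULNERABLE_SERVICES.get((proto, port))
            or VULNERABLE_SERVICES.get(("any", port)))


def classify(line):
    """Return an Alert if the line is traffic from an untrusted source to a
    listed port (allowed or denied, both are worth knowing), else None."""
    f = parse_line(line)
    proto = f["proto"].lower()
    port = int(f["dport"])
    product = lookup_service(proto, port)
    if product is None:
        return None
    src = ipaddress.ip_address(f["src"])
    if any(src in net for net in TRUSTED_NETS):
        return None
    return Alert(str(src), f["dst"], proto, port, product, f["action"])


def scan(lines):
    """Run classify over an iterable of log lines and collect the alerts."""
    return [a for a in (classify(line) for line in lines) if a]


# Constructed sample log lines (not real traffic). Line 2 is a trusted
# source, line 4 is TCP to a port the report lists only as UDP, line 6 is
# ordinary HTTPS: none of those three should alert.
SAMPLE_LOG = [
    "ts=2011-09-14T20:09:00 action=allow proto=udp src=192.0.2.7 dst=10.10.5.20 sport=51000 dport=48899",
    "ts=2011-09-14T20:09:01 action=allow proto=udp src=10.10.1.4 dst=10.10.5.20 sport=51001 dport=48899",
    "ts=2011-09-14T20:09:02 action=allow proto=tcp src=198.51.100.9 dst=10.10.5.21 sport=40222 dport=4446",
    "ts=2011-09-14T20:09:03 action=allow proto=tcp src=198.51.100.9 dst=10.10.5.22 sport=40223 dport=48899",
    "ts=2011-09-14T20:09:04 action=deny proto=udp src=203.0.113.5 dst=10.10.5.23 sport=60000 dport=20034",
    "ts=2011-09-14T20:09:05 action=allow proto=tcp src=203.0.113.5 dst=10.10.5.24 sport=60001 dport=443",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert.action:5} {alert.src} -> {alert.dst}:{alert.port}/{alert.proto} ({alert.product})")
```

Run against the constructed sample it reports three hits: the external UDP probe of TwinCAT on 48899, the external connection to RSLogix on 4446, and the denied UDP attempt against DAQFactory on 20034. The denied entry is kept on purpose: a blocked attempt against a port with public PoC code is exactly the kind of reconnaissance an ICS operator wants to see.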

