http://www.darkreading.com/blog/231601549/0-day-scada-exploits-released-publicly-exposed-servers-at-risk.html

By John H. Sawyer
Dark Reading
Sep 16, 2011

Luigi Auriemma made news back in March 2011 with the release of 34 zero-day (0-day) SCADA vulnerabilities. This week, he's back in the news with the release of 15 new 0-day advisories, 13 of which affect eight different SCADA products.

SCADA (supervisory control and data acquisition) systems monitor and control devices that can make physical changes in our world. Generally, they refer to systems that manage industrial, infrastructure, and facility processes -- systems where vulnerabilities could have devastating impact.

The advisories published by Luigi include short write-ups on each of the vulnerabilities, as well as proof-of-concept exploit code and examples. The affected products include those from Cogent, DAQFactory, Progea, Carel, and Rockwell, all of which fall under the general umbrella definition of SCADA.

While some of the exploits are more advanced, like heap and buffer overflows, others are simple Web directory traversal flaws requiring nothing more than a Web browser to exploit. An attacker can make a request like http://SERVER/..\..\..\..\..\..\boot.ini to the vulnerable Web server and retrieve files outside of the root directory of the Web server. In this example, the attacker can download the Windows boot.ini, which in and of itself is not a big concern, but does serve as good proof of the validity of the vulnerability and shows the ease with which the vulnerability can be exploited.

[...]

Received on Mon Sep 19 2011 - 01:15:16 PDT
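
The directory traversal described in the article comes down to a server joining the request path onto its web root without checking where the result lands. The following is an added example, not code from the article, the advisories, or any affected product: it shows that pattern beside a containment check, using Python's ntpath so the Windows path rules apply on any platform. The web root and file names are constructed, and the check also covers percent-encoded and forward-slash variants that the article does not mention.

```python
import ntpath
from urllib.parse import unquote

WEB_ROOT = r"C:\scada\www"  # constructed web root, not taken from the article


def naive_resolve(url_path, root=WEB_ROOT):
    """Vulnerable pattern: join the request path onto the root and trust it."""
    return ntpath.normpath(ntpath.join(root, url_path.lstrip("/")))


def safe_resolve(url_path, root=WEB_ROOT):
    """Return the resolved path, or None if it falls outside the web root."""
    # Decode once, as the server would, so %2e%2e%5c is seen as ..\
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    # Windows accepts both / and \ as separators; strip either from the front.
    relative = decoded.lstrip("/\\")
    root_norm = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_norm, relative))
    try:
        # commonpath compares whole components, so C:\scada\www2 does not
        # pass as "inside" C:\scada\www the way a startswith() test would.
        inside = ntpath.commonpath([root_norm, candidate]) == root_norm
    except ValueError:
        # Raised when the request switched to a different drive (D:\...).
        inside = False
    return candidate if inside else None


if __name__ == "__main__":
    samples = [  # constructed request paths
        "/graphs/pump1.html",
        "/..\\..\\..\\..\\..\\..\\boot.ini",
        "/%2e%2e%5c%2e%2e%5cboot.ini",
        "/../../boot.ini",
        "/..\\www2\\config.xml",
        "/D:\\secrets.txt",
    ]
    for path in samples:
        print(f"{path!r:40} naive={naive_resolve(path)!r} safe={safe_resolve(path)!r}")
```

Rejected requests are also worth logging: a `..\` or `%5c` sequence in a request path to an HMI web server is rarely legitimate.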