Wednesday, March 20, 2013

WinCC vulnerabilities: fresh meat


New vulnerabilities/fixes in Siemens WinCC 7.0 SP3 Update 1

CVE-2013-0678 MISSING ENCRYPTION OF SENSITIVE DATA
CVE-2013-0676 IMPROPER AUTHORIZATION
CVE-2013-0679 RELATIVE PATH TRAVERSAL
CVE-2013-0674, CVE-2013-0675 BUFFER OVERFLOW

+ a lot of good stuff for WinCC Flexible in TIA Portal V11.

More details @infiltratecon and @phdays.

Thanks to Gleb Gritsai, Sergey Bobrov, Roman Ilin, Artem Chaykin, Timur Yunusov, Ilya Karpov, Alexey Osipov, Sergey Gordeychik, Dmitry Nagibin and Siemens CERT/Product team. 

SSA-212483
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

SSA-714398
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

ICSA-13-079-02
http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf

Enjoy!

PS. Exploits for WinCC? No way! This is Out Of Band.

Friday, February 15, 2013

Not by SCADA alone: ATM Hacking Video

By Dmitry Evteev, Olga Kochetova, Timur Yunusov, Alexey Osipov, Yuri Goltsev, Alexander Zaitsev.


Angry Birds on a hacked ATM

Unrestricted right-click on ATM

Thursday, January 31, 2013

SCADA (in)security in pictures #1

How to find an HMI on the Internet



How to hack WinCC 



How to find a PLC in (your) network



How to recover an S7 PLC/TIA Portal password



Don’t try this at home.

And don't panic. ICS (in)security is so young...

Sunday, January 27, 2013

Not by SCADA alone: SCADA StrangeLove @BlackHat

Alexey Osipov and Timur Yunusov from Positive Technologies and the SCADA StrangeLove team will present a new attack technique at BlackHat Europe 2013: XML out-of-band data retrieval. Cool stuff.

During the research, the guys found a way to use this attack against browsers, IDEs, security products and, of course, SCADA. Several useful 0-1-2-3-days will be presented.

The magic "XXE OOB Exploitation Toolkit for Automation" is to be released.
Don’t miss your chance to become an XML hacker. XML and SCADA… Tastier together.

http://www.blackhat.com/eu-13/briefings.html#Osipov