Thursday, September 13, 2012

All your PLC are belong to us



Siemens has published advisory “SSA-240718: Insecure storage of HTTPS CA certificate inS7-1200 V2.x”  about bug, discovered by our team. Very funny one, because PLC have built-in CA and generates valid certificates based on IP. So you can trust to CA certificate and you will have security SSL sessions with all PLCs. But as you understand all PLC have same private/public key pair for CA and private key hardcoded into firmware.
 
Not easy bug to fix, but we hope Siemens will do it.
Thus, allyour PLC are belong to us.

Posted by at No comments:
Labels: , , ,

Tuesday, September 11, 2012

New vulnerabilities in Siemens SIMATIC WinCC



Siemens has fixed vulnerabilities in SIMATIC WinCC 7.0 and SIMATIC PCS7 V8 discovered by SCADAStrangeLove team. There are very different one, from trivial XSS and CSRF (last one still unfixed) to arbitrary file reading and awesome username and password disclosure.
ShortList of bugs addresed in SSA-864051:

  • Lot of XSS and CSRF (CVE-2012-3031, CVE-2012-3028)
  • Lot of to arbitrary file reading (CVE-2012-3030)
  • SQL injection over SOAP (CVE-2012-3032)
  • Username and password disclosure via ActiveX abuse (CVE-2012-3034)

Thanks to Denis Baranov Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Timur Yunusov.

Now we had more info for our speech at power of community. The world has become safer! Hurray!
Posted by at No comments:
Labels: , , ,
Location: Иерусалим, Израиль

Monday, September 10, 2012

SCADA StrangeLove and Power Of Community

We will speak about vulnerabilities in SCADA systems @powerofcommunity conference.

New releases comming soon.

Links:
http://www.powerofcommunity.net
https://twitter.com/#!/search/realtime/powerofcommunity

 See you @Seoul
Posted by at No comments:
Labels: ,
Location: 31-14 Taepyeongno 1(il)-ga, Jung-gu, Сеул, Южная Корея
Subscribe to: Posts (Atom)