Wednesday, November 28, 2012

Security of the morning calm

In early November 2012, the SCADAStrangeLove striking force was thoughtless enough to accept an offer to speak at the Power of Community (POC) conference held in Seoul, South Korea. While I am still under the impression, I want to tell you how they do security in the Land of the Morning Freshness.
Many photos are under the cut.


Wednesday, November 7, 2012

WinCC Harvester

Metasploit module for Siemens SIMATIC WinCC forensics and post-exploitation.

It uses the MS SQL access that WinCC exposes to harvest sensitive information (users, roles, PLCs) from the project database.

Copy this file to: /opt/metasploit/msf3/modules/auxiliary/admin/scada/
Use: use auxiliary/admin/scada/wincc_harvester

Thanks to Vyacheslav Egoshin, Dmitry Nagibin, Gleb Gritsai.

Link: https://github.com/nxnrt/wincc_harvester

PLCScan the Internet

Special release for Power of Community 2012 by Dmitry Efanov: PLCScan. Feel free to contribute!

Tool for scanning PLC devices over the s7comm or Modbus protocols.

Usage examples
plcscan.py 192.168.0.1
plcscan.py --timeout 2 192.168.0.1:102 10.0.0.0/24
plcscan.py --hosts-list hosts.txt

Link again: https://code.google.com/p/plcscan/
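As an added helper (not part of PLCScan or of this post), the following Python expands the target arguments shown in the usage examples above (a bare host, host:port, a CIDR range, or the lines of a --hosts-list file) into the concrete address/port pairs a run would cover, which is useful for confirming that a scan of your own plant stays within the intended range. The rule "both ports when none is given", the port numbers as defaults, and the sample hosts file are assumptions, not PLCScan's own logic.

```python
import ipaddress
from typing import Iterable

# Well-known ports of the two protocols the post names: s7comm (TCP 102)
# and Modbus/TCP (502). Assumption, not plcscan's actual behaviour: a
# target given without an explicit port is expanded to both.
DEFAULT_PORTS = {"s7comm": 102, "modbus": 502}


def expand_target(spec: str) -> list[tuple[str, int]]:
    """Expand one IPv4 target spec ('host', 'host:port' or 'net/prefix')
    into the concrete (address, port) pairs a run would touch."""
    spec = spec.strip()
    if not spec or spec.startswith("#"):   # blank line or comment in a hosts file
        return []
    host, sep, port = spec.rpartition(":")
    if sep and port.isdigit():
        ports = [int(port)]
        if not 0 < ports[0] < 65536:
            raise ValueError(f"bad port in target spec: {spec!r}")
    else:
        host, ports = spec, sorted(DEFAULT_PORTS.values())
    if "/" in host:
        net = ipaddress.IPv4Network(host, strict=False)
        # hosts() skips network and broadcast; a /32 still yields its address
        addrs = [str(a) for a in net.hosts()] or [str(net.network_address)]
    else:
        addrs = [str(ipaddress.IPv4Address(host))]  # raises on a malformed address
    return [(a, p) for a in addrs for p in ports]


def expand_targets(specs: Iterable[str]) -> list[tuple[str, int]]:
    """Expand many specs (command-line arguments or lines of a --hosts-list
    file), dropping duplicates while keeping first-seen order."""
    seen: set[tuple[str, int]] = set()
    out: list[tuple[str, int]] = []
    for spec in specs:
        for pair in expand_target(spec):
            if pair not in seen:
                seen.add(pair)
                out.append(pair)
    return out


# Constructed sample of a hosts.txt in the shape the usage line implies.
SAMPLE_HOSTS_FILE = """\
# plant A
192.168.0.1:102
10.0.0.0/30
192.168.0.1
"""

if __name__ == "__main__":
    for addr, port in expand_targets(SAMPLE_HOSTS_FILE.splitlines()):
        print(f"{addr}:{port}")
```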

Tuesday, November 6, 2012

SCADA Safety in numbers

The number of detected vulnerabilities has increased 20-fold since 2010.
One in five vulnerabilities takes more than a month to fix.
50% of vulnerabilities allow an attacker to execute code.
Exploits exist for 35% of vulnerabilities.
41% of vulnerabilities are critical.
More than 40% of the systems reachable from the Internet can be compromised by non-professional attackers.
A third of the systems reachable from the Internet are located in the USA.
A quarter of vulnerabilities are due to missing security updates.
54% and 39% of the systems reachable from the Internet in Europe and North America respectively are vulnerable.

Enjoy.