Thursday, June 27, 2013

Please update your plant. On recent WinCC fixes

A few days ago Siemens published an update for WinCC 7.2 SCADA to fix several vulnerabilities discovered by the SCADA StrangeLove team.
CVE-2013-3957 is the most dangerous one. It is a simple SQL injection, but because of some configuration and architectural issues an attacker can execute arbitrary code in the context of the SQL server. This vulnerability can be exploited not only via WebNavigator (e.g. HTTP) but also via the WinCC Runtime Client (e.g. OPC), so Cisco Applied Mitigation Bulletin 29768 should be updated to filter OPC traffic as well.

CVE-2013-3958 and CVE-2013-3959 are funny stuff because… Because backdoors (hardcoded accounts) are always funny.

Credits:
Alexander Tlyapov, Sergey Gordeychik and Timur Yunusov.

Links:

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf

https://ics-cert.us-cert.gov/advisories/ICSA-13-169-02

Thanks to Siemens Product CERT for collaboration and fixes.
Special thanks to Dec for slide 44.

Enjoy.

Thursday, June 6, 2013

Invensys ICS/SCADA fixes

Invensys published updates to fix CVE-2013-0688/CVE-2013-0684/CVE-2013-0686/CVE-2013-0685, discovered by the SCADA StrangeLove team during an assessment of ICS/SCADA based on the ArchestrA System Platform. There are several trivial and some interesting bugs in Invensys Wonderware Information Server (WIS).
Patches (limited access): https://wdn.wonderware.com/sites/WDN/Pages/Downloads/Software.aspx
ICS-CERT advisory ICSA-13-113-01: https://ics-cert.us-cert.gov/advisories/ICSA-13-113-01


  • SQLi ~10 instances
  • XSS ~30 instances
  • XXE/XXE OOB/“ADSI Injection” and other interesting stuff…


Credits:
Gleb Gritsai
Nikita Mikhalevsky
Timur Yunusov
Denis Baranov
Ilya Karpov
Vyacheslav Egoshin
Dmitry Serebryannikov
Alexey Osipov
Ivan Poliyanchuk
Evgeny Ermakov

Enjoy...

Thanks to the Invensys security team for collaboration and rapid fixes.