32C3 slides

Slides and video from 32C3 The Great Train Cyber Robbery talk.

SCADAPASS #32C3 Release

Special Chaos Communication Congress release.
List of default password for industrial control systems components.

Kudos to  Oxana Andreeva (oxana.andreeva@inbox.ru)

37 vendors.
PLC, RTU, HMI, gateways, switches, servers, wireless ap, etc

Now Declared Capabilities

Neat FAQ about hardcoded password in Siemens SIPROTEC 4 protective relay.

"SIPROTEC 4 and SIPROTEC Compact devices allow the display of extended internal statistics and test information... 

The Great Train Cyber Robbery on #32C3

Christmas is coming and we are excited to visit Chaos Communication Congress in Hamburg and to speak there.

32C3 Fahrplan looks perfect and we hope you will able to visit our talk. It's difficult though because of excellent agenda full of wonderful reports...

updated and updated and updated

Updated and updated and updated slides of Bootkit via SMS research as presented at Zeronights by Timur Yunusov.

BadUSB over the Internet?

Can you exploit BadUSB over the Internet?

Just two links:

Huawei advisory for HWPSIRT-2015-05103

Huawei published advisory on Huawei MBB (Mobile Broadband) product E3272s.

It's all about "Bootkit via SMS" research presented at PacSec and HITB by Timur Yunusov, Kirill Nesterov, Alexander Zaitsev.

More info: Huawei-SA-20150817-01-MBB

Huawei states it's a DoS. Let it be the DoS.

Enjoy

Sunny WebBox Fix

CVE-2015-3964: SMA Solar Technology AG Sunny WebBox (monitoring solution for medium-sized PV plants) Hardcoded Account Vulnerability is fixed. Presented at 31C3 by Alexander Timorin.

PHDays V video/community edition

SCADA with antenna

Sometimes you can meet a SCADA with antenna.
Sometimes it's a old and boring 802.11 Wi-Fi antenna.
Sometimes it's a cool bright new 3G/4G device.

A Few Facts on IEC61850 in China

A Few Facts on IEC61850-based Substation Integration & Automation in China by Mr Jim Y Cai, Dr Gao Xiang and Dr. Jun Zha:
- In 2013, 10 000 substations from 35KV to 10000KV with 100% 61850 based IEDs are in operation
- By the end of 2013, there are 893 fully digital substations with process bus are in operation

See you there http://xcon.xfocus.org/

Bootkit via SMS (updated)

Updated slides of Bootkit via SMS research as presented at HITB by Timur Yunusov
and Kirill Nesterov.
New stuff: user tracking, "infection" statistics, suddenly vxWorks.

Friends don't let friends put SCADA on the Internet

New analytic research on ICS components vulnerabilities.

146 137 are online, (at least) 15000 can be hacked by script-kiddie.

Pictures below

More news from nowhere

Fixes for Inductive Automation Ignition 7.7.2. Bugs by Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai. Simple bugs, simple list.

CVE-2015-0976

CVE-2015-0991

CVE-2015-0992

CVE-2015-0993

CVE-2015-0994

CVE-2015-0995

Now or never. CIA vs Schneider Electric

Few bugs in InduSoft Web Studio and InTouch Machine Edition 2014 recently fixed by Schneider Electric were discovered during PHDays Critical Infrastructure Attack challenge. Kudos @alisaesage. For bless you.

Absolutely old-school-community-drive-responsible-disclosure in action. Many emotions left behind..

Enjoy

Kaspersky SAS 2015 CablemeltingBAD

Slides from Kaspersky SAS "SCADA in the cloud" talk. If you saw our 31C3 report you can start from the slide N36.

Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes

New vulnerabilities from out team and new patches from Siemens

CVE-2015-1358 and CVE-2014-4686 are all abut VNC code reuse.

CVE-2015-1355 and CVE-2015-1356 we can’t name vulnerabilities. Local weaknesses, defects in security feature implementations… But it fixed, thanks Siemens.