Since the mass propagation of the Stuxnet worm, vulnerabilities in SCADA systems have become journalists' favorite bugbear and a nightmare for everyone who has anything to do with industry and national security.
How difficult is it to detect a vulnerability in SCADA systems? Which attack vectors are the most dangerous for such systems? How many unfixed vulnerabilities in SCADA are known so far?
The speaker will give a practical demonstration of 0-day vulnerabilities in some popular production process management systems.
4. SCADA security: SCADA ON THE WEB. THERE ARE HUNDREDS OF SCADA SYSTEMS ALREADY EXPOSED TO THE INTERNET! Let us show «banners» for two SCADA systems, and SHODAN search results for them...
5. SCADA, e.g. SCX SCADA. SCX ADVANCED INDUSTRIAL AUTOMATION SOFTWARE: "...the integrated SCX Web server is a standard component of the SCX product. Web Clients have access to all SCADA system functions..."
6. SCX SCADA banner
1) "SCXWebServer"
****************************
HTTP/1.1 200 OK
Content-Encoding: deflate
Date: Tue, 14 Dec 2010 19:09:52 GMT
Expires: Tue, 14 Dec 2010 19:09:52 GMT
Cache-Control: no-cache
Server: SCXWebServer/6.0 (here is the banner)
Content-Type: text/xml
Content-Length: 1504
***********************
Search results for this:
8. CoDeSys ENI server exploit. CoDeSys ENI server: in this case the banner looks like «ENIServer» (though there are many servers of the same kind available from different SCADA developers... all seem to be based on CoDeSys...?). Again, let's search for it on the web... and show how it could be exploited using the SCADA+ Pack 0-day exploit for CoDeSys ENI Server.
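A defender can look for the same two banners in responses collected from their own externally reachable addresses. The following is an added example, not part of the original presentation: the function names, the sample responses and the documentation-range addresses are constructed, and it assumes the «ENIServer» string appears in an HTTP Server header the way the SCXWebServer banner does.

```python
import re

# Banner strings quoted on the slides; extend with products from your own inventory.
SCADA_BANNERS = ("SCXWebServer", "ENIServer")

def parse_headers(raw):
    """Parse the header block of a raw HTTP response into a lowercase-keyed dict."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers, last = {}, None
    for line in head.split("\n")[1:]:            # skip the status line
        if line[:1] in (" ", "\t") and last:     # obsolete folded continuation line
            headers[last] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue                              # not a header line, ignore
        last = name.strip().lower()               # header names are case-insensitive
        headers[last] = value.strip()
    return headers

def audit(responses):
    """Return (host, product, version) for each response disclosing a SCADA banner."""
    findings = []
    for host, raw in responses.items():
        server = parse_headers(raw).get("server", "")
        for banner in SCADA_BANNERS:
            m = re.search(re.escape(banner) + r"(?:/(\S+))?", server, re.IGNORECASE)
            if m:
                findings.append((host, banner, m.group(1) or "unknown"))
    return findings

# Constructed sample: responses as captured from one's own perimeter (RFC 5737 addresses).
SAMPLE = {
    "192.0.2.10": "HTTP/1.1 200 OK\r\nCache-Control: no-cache\r\n"
                  "Server: SCXWebServer/6.0\r\nContent-Type: text/xml\r\n\r\n<x/>",
    "192.0.2.11": "HTTP/1.1 200 OK\r\nserver: nginx\r\n\r\nok",
    "192.0.2.12": "HTTP/1.0 200 OK\r\nSERVER: ENIServer\r\n\r\n",
}

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE):
        print(f"{host}: exposes {product} (version {version}); restrict access or remove the banner")
```

Any host this reports is one that an Internet-wide banner search would also find, so it belongs behind a VPN or firewall rather than on a public address.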
10. Video of exploitation: http://pentesting.ru/eniserver.rar
14. SCADA attack. This could be helpful for a hacker... you could exploit some buffer overflow, enable Rdesktop and have fun with SCADA devices
15. Current tools have limited functionality for SCADA... e.g. Shodan searches only ports 80, 21, 22, 161, 5060... But, e.g., RealWin has vulnerable services on ports 910 and 912. In that case you will need to search yourself... but as long as there are dozens of scanners, this is not a problem. Also, you could write your own.
18. Summary: we have shown that SCADA systems ARE ALREADY AVAILABLE FROM THE INTERNET... and some could be exploited right now...
19. Positive Hack Days. Thanks for your attention! [email_address] http://www.gleg.net