
Saturday, September 24, 2011

More SCADA Vulnerabilities Discovered by Italian Researcher Luigi Auriemma in Industrial Systems - A Brief Overview



SCADA vulnerabilities continue to surge as Italian security researcher Luigi Auriemma found holes in six different systems. The companies whose products are affected range from Rockwell Automation to Beckhoff.



The vulnerabilities found in such companies' products include:



  1. AzeoTech DAQFactory Stack Overflow
  2. Beckhoff TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability
  3. Cogent DataHub Multiple Vulnerabilities
  4. Measuresoft ScadaPro Multiple Vulnerabilities
  5. Progea Movicon Multiple Vulnerabilities
  6. Rockwell RSLogix Overflow Vulnerability
All of the vulnerabilities were published with proof-of-concept (PoC) exploit code. They range from denial of service (DoS) and information disclosure to complete remote code execution.


Following is a breakdown on the individual vulnerabilities found in the above systems:

  1. AzeoTech DAQFactory Stack Overflow: There is one stack overflow vulnerability with PoC exploit code affecting AzeoTech DAQFactory, a SCADA/HMI Product. The vulnerability is exploitable via a service running on Port 20034/UDP, according to the report.
    DAQFactory is a SCADA and HMI software used in multiple industries including water, power, and manufacturing. DAQFactory installations are primarily located in the United States and Europe.
  2. Beckhoff TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability: There is a vulnerability with PoC exploit code affecting Beckhoff TwinCAT, a SCADA/HMI product. Services running on Port 48899/UDP are vulnerable, according to the report.
    Beckhoff TwinCAT is a software system capable of controlling multiple PLCs in a system. This system sees use in industries including manufacturing, energy, water and wastewater, and building automation.
    Beckhoff’s headquarters is in Verl, Germany.
  3. Cogent DataHub Multiple Vulnerabilities: There are four vulnerabilities with PoC exploit code affecting Cogent DataHub. The vulnerabilities are remotely exploitable through the following ports:
    • Stack Overflow, Remote – Ports 4052 and 4053
    • Integer Overflow, Remote – Port 80
    • Directory Traversal, Remote – Port 80
    • Information Exposure, Remote – Port 80
    Cogent DataHub is SCADA management software that sees use in industries including manufacturing, energy, financial, and pharmaceuticals.
  4. Measuresoft ScadaPro Multiple Vulnerabilities: There are multiple vulnerabilities with PoC exploit code affecting Measuresoft ScadaPro. The vulnerabilities are remotely exploitable through Port 11234/UDP, according to the report.
    ScadaPro is a SCADA system used in power generation, oil and gas, pharmaceuticals, and manufacturing.
    Measuresoft Development Ltd. has headquarters in Louth, Ireland, with an office in Missouri City, Texas.
  5. Progea Movicon Multiple Vulnerabilities: There are three vulnerabilities with PoC exploit code affecting Progea Movicon PowerHMI Version 11, a SCADA/HMI product.
    Movicon 11 is an HMI development system that uses a web-enabled architecture based on Java, including drivers for PLCs. PowerHMI Version 11 is based on SCADA HMI Movicon Version 11.
    Movicon sees use primarily in Italy, with a small percentage of installations in other European countries.
  6. Rockwell RSLogix Overflow Vulnerability: There is an overflow vulnerability with PoC exploit code affecting Rockwell RSLogix 19. Services running on Port 4446 are vulnerable to a memory overflow, according to this report. Rockwell Automation provides industrial automation control and information products worldwide, across a wide range of industries. The Rockwell RSLogix family is a group of ladder logic programming packages that operate on Microsoft Windows operating systems. RSLogix 5 supports the Allen-Bradley PLC-5 family of programmable controllers.
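As an added defender-side example (not code from this post, from the researcher, or from any of the vendors named), the following Python script parses a constructed `ss -lntu`-style socket listing from a hypothetical operator workstation and flags listeners on the service ports named in the breakdown above, noting whether each is bound only to loopback. The advisory table is transcribed from the post; where the post gives only a port number without a protocol, the entry matches either TCP or UDP. The sample listing and all function names are this example's own assumptions.

```python
"""Flag listening sockets on the service ports named in the SCADA advisory summary.

Added example for this post; not code from the researcher or from any vendor.
A port-number hit is a prompt to confirm which process owns the socket and to
check the vendor's patch status, not proof that the vulnerable product is present.
"""

# (product, issue, protocol, port), transcribed from the post.
# protocol is None where the post states only a port number.
ADVISORY_SERVICES = [
    ("AzeoTech DAQFactory", "stack overflow", "udp", 20034),
    ("Beckhoff TwinCAT TCATSysSrv.exe", "network packet denial of service", "udp", 48899),
    ("Cogent DataHub", "stack overflow", None, 4052),
    ("Cogent DataHub", "stack overflow", None, 4053),
    ("Cogent DataHub", "integer overflow / directory traversal / information exposure", None, 80),
    ("Measuresoft ScadaPro", "multiple vulnerabilities", "udp", 11234),
    ("Rockwell RSLogix 19", "memory overflow", None, 4446),
]

LOOPBACK_ADDRESSES = {"127.0.0.1", "::1"}

# Constructed sample standing in for `ss -lntu` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:20034      0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:48899    0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:4052       0.0.0.0:*
tcp   LISTEN 0      128    [::]:80            [::]:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""


def parse_ss_listeners(text):
    """Return (proto, bind_address, port) tuples from ss-style output.

    Only the Netid and Local Address:Port columns are used; the header and
    any line without a numeric port are skipped.
    """
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        address, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append((fields[0], address.strip("[]"), int(port)))
    return listeners


def match_advisory(listeners):
    """Cross-reference listeners with ADVISORY_SERVICES and describe each hit."""
    findings = []
    for proto, address, port in listeners:
        for product, issue, adv_proto, adv_port in ADVISORY_SERVICES:
            if port == adv_port and adv_proto in (None, proto):
                findings.append({
                    "product": product,
                    "issue": issue,
                    "proto": proto,
                    "port": port,
                    "bind": address,
                    # A loopback-only bind is not reachable from the network,
                    # which lowers exposure until the vendor fix is applied.
                    "loopback_only": address in LOOPBACK_ADDRESSES,
                })
    return findings


def audit(ss_text=SAMPLE_SS_OUTPUT):
    """Parse the listing and return advisory matches; used by the test harness."""
    return match_advisory(parse_ss_listeners(ss_text))


if __name__ == "__main__":
    for hit in audit():
        scope = "loopback only" if hit["loopback_only"] else "network reachable"
        print(f"{hit['proto']}/{hit['port']} on {hit['bind']} ({scope}): "
              f"{hit['product']} - {hit['issue']}")
```

On a real host, feed the output of `ss -lntu` (or an equivalent listing) into `audit()`; the sample above flags four sockets and leaves SSH on port 22 alone, and the TwinCAT service port is reported as loopback-only. Because port 80 is shared with ordinary web servers, treat a hit there as a reason to identify the owning process before raising a ticket.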

Note: The full names of the abbreviations used above are given below for general readers.
  • PoC: Proof-of-Concept
  • SCADA: Supervisory Control and Data Acquisition
  • HMI: Human-Machine Interface
  • PLC: Programmable Logic Controller