
SCADA Trojans: Attacking the Grid...


Teddy Rogers

You can download the slides of the research I was presenting at RootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey into attacking the power grid.

I presented:

- 0days in Advantech/BroadWin WebAccess SCADA product

- Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs

- General attack against EMS Software via State Estimators.

I contacted ICS-CERT to coordinate with Advantech but the vendor denied having a security flaw. So guys, the exploit I'm releasing does not exist. All is product of your mind.

Well, indeed WebAccess is full of bugs.

It is an RPC exploit against WebAccess Network Service, port 4592. It leaks the security code that protects the SCADA node in addition to demonstrating RCE on XP. Slight modifications can be done to support other systems.

I use "RPC heap spray", I mean any opcode with the following params "[in] long arg_x, [in][ref][size_is(arg_x)] char * arg_x" can be used to create a fake object to control the execution. It could be done in other ways, but this one is funny.

Check the slides, there is more info about the vulns there.


http://www.reversemode.com/downloads/exploit_advantech.zip
http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf

Ted.

  • 1 month later...

We're closer than ever before, but we're still light years away from hacking the gas mains so they will explode and provide cover for an operation we're conducting... (Seen SwordFish anybody? Them d00dz has got skillz0rs)

On a serious note, thanks for the share Teddy, interesting as always. :D

HR,

Ghandi

Teddy Rogers

Actually I'm a bit more into PLCs and industrial technology, I've got quite a few PLCs at home I work with. It's quite surprising how some (very large) companies are open to exploits and security related issues so we can expect more to happen in this area...

Ted.
