Russian security team to upgrade SCADA exploit tool

Gleg plans to add the latest public SCADA exploits into a penetration testing tool from Immunity

A Russian security company plans to release an upgraded exploit pack for industrial control software that incorporates a raft of new vulnerabilities released by an Italian security researcher.

The three-person company, called Gleg, is based in Moscow and specializes in vulnerability research. It recently began focusing on problems within SCADA (supervisory control and data acquisition) systems, which are used in factories, utilities and many other kinds of industrial applications, said Yuriy Gurkin, Gleg's CEO.

Gleg works with the Miami company Immunity, which sells a tool called Canvas, which is a framework for penetration testers wanting to try out the latest exploits against software vulnerabilities, along the same lines as the Metasploit tool.

Gleg supplies Immunity with exploit packs, which are add-ons with specific kinds of exploits, for Canvas. Gleg's main product is Agora, which integrates with Canvas. Agora is regularly updated with publicly disclosed zero-day, or new, vulnerabilties and those discovered by its research team.

About two weeks ago, Gleg released Agora SCADA+, a new add-on for Canvas, Gurkin said. It contains 27 exploits for SCADA software and will mostly likely have around 35 exploits when an upgrade is released next week, he said.

Gurkin said Gleg is incorporating the exploits written by Luigi Ariemma, who found about 50 vulnerabilities in four SCADA products made by Siemens, Iconics, 7-Technologies and Datac. All four companies had products with remotely exploitable vulnerabilities.

On his website, Ariemma self-published vulnerability details, which were also published on Bugtraq. He did not inform the vendors prior to releasing the information, something that is considered bad form by some in the security community. Officials at two of the vendors -- 7-Technologies and Datac -- said earlier this week they were working on patches.

Gurkin said he believes responsible disclosure practices are out of date.

"We, like Luigi, don't notify vendors," Gurkin said. "This is a waste of time."

However, Gleg's partner Immunity does vet organizations that are interested in buying Canvas to verify they are not going to use the product in a malicious way.

Gurkin said he has seen increasing requests from companies for SCADA audits. "Sometimes our partners who use different SCADA software ask us to check something they have, with terms like 'You give us recommendations, we give you access to the system'," he said.

The high-profile Stuxnet malware has also prompted wider concern, he said. Stuxnet is a worm that was designed to target Siemens' WinCC industrial control software. It was packaged with four zero-day exploits for Microsoft Windows. It is now widely believed that Stuxnet was designed to disrupt Iran's uranium enrichment program.

SCADA software was often not intended to be connected to the Internet, but nonetheless more companies have done that anyway, which poses security risks, Gurkin said. Companies in the SCADA field are also not as open as other software companies about exchanging security tips and knowledge, he said.

A three-month subscription for Agora SCADA+ costs $US2,250, which includes updates to the exploit pack and a single license for the Canvas framework. A one-year subscription costs $5,400 and also comes with one Canvas license.

Send news tips and comments to jeremy_kirk@idg.com

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaresoftwareintrusionImmunityExploits / vulnerabilitiesGleg

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?