Russian security team to upgrade SCADA exploit tool

Gleg plans to add the latest public SCADA exploits into a penetration testing tool from Immunity

A Russian security company plans to release an upgraded exploit pack for industrial control software that incorporates a raft of new vulnerabilities released by an Italian security researcher.

The three-person company, called Gleg, is based in Moscow and specializes in vulnerability research. It recently began focusing on problems within SCADA (supervisory control and data acquisition) systems, which are used in factories, utilities and many other kinds of industrial applications, said Yuriy Gurkin, Gleg's CEO.

Gleg works with the Miami company Immunity, which sells a tool called Canvas, which is a framework for penetration testers wanting to try out the latest exploits against software vulnerabilities, along the same lines as the Metasploit tool.

Gleg supplies Immunity with exploit packs, which are add-ons with specific kinds of exploits, for Canvas. Gleg's main product is Agora, which integrates with Canvas. Agora is regularly updated with publicly disclosed zero-day, or new, vulnerabilties and those discovered by its research team.

About two weeks ago, Gleg released Agora SCADA+, a new add-on for Canvas, Gurkin said. It contains 27 exploits for SCADA software and will mostly likely have around 35 exploits when an upgrade is released next week, he said.

Gurkin said Gleg is incorporating the exploits written by Luigi Ariemma, who found about 50 vulnerabilities in four SCADA products made by Siemens, Iconics, 7-Technologies and Datac. All four companies had products with remotely exploitable vulnerabilities.

On his website, Ariemma self-published vulnerability details, which were also published on Bugtraq. He did not inform the vendors prior to releasing the information, something that is considered bad form by some in the security community. Officials at two of the vendors -- 7-Technologies and Datac -- said earlier this week they were working on patches.

Gurkin said he believes responsible disclosure practices are out of date.

"We, like Luigi, don't notify vendors," Gurkin said. "This is a waste of time."

However, Gleg's partner Immunity does vet organizations that are interested in buying Canvas to verify they are not going to use the product in a malicious way.

Gurkin said he has seen increasing requests from companies for SCADA audits. "Sometimes our partners who use different SCADA software ask us to check something they have, with terms like 'You give us recommendations, we give you access to the system'," he said.

The high-profile Stuxnet malware has also prompted wider concern, he said. Stuxnet is a worm that was designed to target Siemens' WinCC industrial control software. It was packaged with four zero-day exploits for Microsoft Windows. It is now widely believed that Stuxnet was designed to disrupt Iran's uranium enrichment program.

SCADA software was often not intended to be connected to the Internet, but nonetheless more companies have done that anyway, which poses security risks, Gurkin said. Companies in the SCADA field are also not as open as other software companies about exchanging security tips and knowledge, he said.

A three-month subscription for Agora SCADA+ costs $US2,250, which includes updates to the exploit pack and a single license for the Canvas framework. A one-year subscription costs $5,400 and also comes with one Canvas license.

Send news tips and comments to jeremy_kirk@idg.com

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitymalwaresoftwaredata breachintrusionImmunityExploits / vulnerabilitiesGleg

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?