Saturday, March 15, 2014

All your PLC are belong to us (2)

Fixes for Siemens S7 1500 PLC are published.
Thanks to Yury Goltsev, Ilya Karpov, Alexey Osipov, Dmitry Serebryannikov and Alex Timorin.
There are a lot of them, but the combination of Authentication bypass (INSUFFICIENT ENTROPY/CVE-2014-2251) and Hardcoded SNMP community string (once again)/NO-CVE/Unfixed is the best.

Links



http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf

http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01

Some good stuff for 1200/TIA portal in queue.

Enjoy...

Wednesday, February 5, 2014

Fixes for SIMATIC WinCC Open Architecture (SSA-342587/ICSA-14-035-01)

Good news! The Large Hadron Collider is safer now! Fixes have been published for several vulnerabilities in SIMATIC WinCC OA, all versions prior to 3.12 P002.

Preauth RCE CVE-2014-1697
Path Traversal CVE-2014-1698
Preauth DoS CVE-2014-1699
Weak password "encryption" CVE-2014-1696

Kudos to Gleb Gritsai, Ilya Karpov, and Kirill Nesterov.


Fixes and info

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf

https://ics-cert.us-cert.gov/advisories/ICSA-14-035-01

Enjoy

PS. It's all about slide 50 there

Saturday, January 4, 2014

30C3 releases: all in one

Thank you everybody for the awesome Chaos Communication Congress.

Just a collection of our 30C3 releases in one post.


ICS/SCADA/PLC Google/Shodan Cheat Sheet

http://scadastrangelove.blogspot.com/2013/12/internet-connected-icsscadaplc30c3.html

THC Hydra with Siemens S7-300 support

http://scadastrangelove.blogspot.com/2013/12/hydra-vs-siemens-s7-30030c3-release.html



Slides and video from the SCADA Strangelove 2 talk. Watch out! Russian accent!




Saturday, December 28, 2013

Internet connected ICS/SCADA/PLC|30C3 release

Trying to find SCADA/PLC/HMI on the Internet?
No success?

SCADAStrangeLove strike forces to the rescue!

With our Pretty Shiny Sparkly™ ICS/SCADA/PLC Cheat Sheet you will become a real SCADAHacker and will search for SCADA for free! Special #30C3 release by Gleb Gritsai, Alexander Timorin, Alexander Zaitsev, Sergey Gordeychik, Valentin Shilnenkov.

Please enjoy responsibly!


Friday, December 27, 2013

Hydra vs Siemens S7-300|30C3 release

Special release for Chaos Communication Congress: Hydra v7.6 with Siemens S7-300 PLC password bruteforce module and dictionary. Thanks to Alexander Timorin and Van Hauser.

Download and enjoy.

PS. More details tomorrow.

Saturday, December 14, 2013

SCADA hacking @30C3

The anniversary Chaos Communication Congress is going to be awesome.
We cannot stand aside. The SCADA StrangeLove crowd will rock there.
Gleb Gritsai and Sergey Gordeychik will talk about things “We already know”, but also a lot of things “We don’t know yet…”.

Yury Goltsev and Alexander Zaitsev will speak about PHDays Labyrinth on Day 3.
WTF is PHDays Labyrinth? It is magic. A hacker’s Disneyland. Here it is.