MyCERT Advisories, Alerts and Summaries for the year 2011
MA-275.032011 : MyCERT Alert – Exploits Released Targeting Multiple SCADA Systems Software
Date of publication: 2011-03-24
MyCERT has observed that several independent researchers have published multiple vulnerabilities, together with exploit code, for a number of Supervisory Control and Data Acquisition (SCADA) products. All of the vulnerabilities are remotely exploitable.
Successful exploitation could allow the attacker to execute arbitrary code and might lead to unauthorized disclosure of information, unauthorized modification and also disruption of service (DoS). The real impact depends on the criticality and nature of the systems deployed.
3.0 Affected Products
The vulnerabilities discussed in the recent disclosures affect the following products:
- Siemens Tecnomatix FactoryLink version 126.96.36.199 and below
- Iconics Genesis32 version 9.21 and below
- Iconics Genesis64 version 10.51 and below
- 7-Technologies IGSS version 9.00.00.11063 and below
- RealFlex Technologies DATAC RealWin version 2.1 (Build 188.8.131.52) and below
- Advantech/BroadWin WebAccess
- Ecava IntegraXor
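As an added example (not part of the MyCERT advisory), the affected-products list above can be turned into an asset-inventory triage. It assumes dotted versions compare numerically component by component, and it encodes no version bound for FactoryLink, WebAccess or IntegraXor, so any install of those is marked for manual review; the function names and the sample inventory are hypothetical.

```python
# Bounds ("version X and below") from the advisory's affected-products list.
# None: no bound is encoded in this example, so any install is flagged REVIEW.
AFFECTED = {
    "iconics genesis32": "9.21",
    "iconics genesis64": "10.51",
    "7-technologies igss": "9.00.00.11063",
    "realflex technologies datac realwin": "2.1",
    "siemens tecnomatix factorylink": None,
    "advantech/broadwin webaccess": None,
    "ecava integraxor": None,
}

def parse_version(text):
    """'9.00.00.11063' -> (9, 0, 0, 11063); ValueError on a non-numeric part."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(version, bound):
    """AFFECTED or ABOVE_BOUND by numeric compare; REVIEW when undecidable."""
    if bound is None:
        return "REVIEW"
    try:
        a, b = parse_version(version), parse_version(bound)
    except ValueError:
        return "REVIEW"  # never silently pass an unreadable version
    width = max(len(a), len(b))  # zero-pad so that 2.1 equals 2.1.0
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return "AFFECTED" if a <= b else "ABOVE_BOUND"

def triage(inventory):
    """Return (host, product, version, status) for each listed product found."""
    return [(h, p, v, classify(v, AFFECTED[p.strip().lower()]))
            for h, p, v in inventory if p.strip().lower() in AFFECTED]

SAMPLE = [  # constructed inventory: hosts and installed versions are made up
    ("hmi-01", "Iconics Genesis32", "9.20"),
    ("hmi-02", "Iconics Genesis64", "10.60"),
    ("scada-01", "7-Technologies IGSS", "9.00.00.11063"),
    ("scada-02", "RealFlex Technologies DATAC RealWin", "2.1-beta"),
    ("web-01", "Ecava IntegraXor", "unknown"),
    ("eng-01", "Office Suite", "14.0"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Hosts marked REVIEW need a manual check against the vendor's own announcement rather than being treated as clean.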
Users of Ecava IntegraXor can obtain the patch, Ecava IntegraXor (Build 4050), which addresses this vulnerability at the following link:
For more information, please contact Ecava support at email@example.com
As of the writing of this advisory, only Ecava has released a security patch for the vulnerability. Users of the other products are recommended to:
- Minimize network exposure for all control system devices
- Place control system devices on a network that does not directly face the Internet
- Locate the control system networks and devices behind firewalls and isolate them from the business network
- If remote access is required, employ secure methods such as Virtual Private Networks (VPNs)
- Closely monitor network activity for any abnormal behavior. A few IDS vendors, in collaboration with independent researchers and research groups, have released signatures that can detect most of these exploits
- Follow the Control System Security Program (CSSP) Recommended Practices, by US CERT. The document is available at the following URL:
MyCERT would also advise users to keep their operating system and antivirus software up to date to guard against attack vectors that might come from malware.
Lastly, MyCERT would like to advise the users of these vulnerable applications to watch for the latest security announcements from the respective vendors and ensure that the software is up to date.
MyCERT can be reached through the following channels for further assistance:
E-mail : firstname.lastname@example.org
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 - 17:30 MYT