copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Publications » AusCERT Web Log » An exploit for the CitectSCADA vulnerability has bee...
 

An exploit for the CitectSCADA vulnerability has been posted on Milw0rm
Date: 08 September 2008

Click here for printable version

An exploit for the CitectSCADA vulnerability that AusCERT helped to co-ordinate the release of earlier this year, has been posted on Milw0rm. The module has been created to be included in the Metasploit framework.

"CitectSCADA (Supervisory Control and Data Acquisition) is a system with the primary function of collecting data and providing an interface to control equipment such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs) etc. with an integrated Human Machine Interface (HMI) / SCADA solution to deliver a scalable and reliable control and monitoring system. The system is composed by software installed on standard computer equipment running on commercial-of-the-shelf Microsoft Windows operating systems." [1]

While SCADA systems are not commonly exploited, due to the nature and purpose of the package (industrial automation and monitoring), the implications of this particular exploit being publicly posted on Milw0rm and within the Metasploit framework are quite serious.

Jonathan

References:
[1] Citect Corporate Profile
http://www.citect.com/index.php?option=com_content&task=view&id=94&Itemid=151


Comments? Click here http://www.auscert.org.au/render.html?cid=7066&it=9806