An exploit for the CitectSCADA vulnerability has been posted on Milw0rm

Date: 08 September 2008 Original URL: http://www.auscert.org.au/render.html?cid=7066&it=9806 An exploit for the CitectSCADA vulnerability that AusCERT helped to co-ordinate the release of earlier this year, has been posted on Milw0rm. The module has been created to be included in the Metasploit framework. "CitectSCADA (Supervisory Control and Data Acquisition) is a system with the primary function of collecting data and providing an interface to control equipment such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs) etc. with an integrated Human Machine Interface (HMI) / SCADA solution to deliver a scalable and reliable control and monitoring system. The system is composed by software installed on standard computer equipment running on commercial-of-the-shelf Microsoft Windows operating systems." [1] While SCADA systems are not commonly exploited, due to the nature and purpose of the package (industrial automation and monitoring), the implications of this particular exploit being publicly posted on Milw0rm and within the Metasploit framework are quite serious. Jonathan References: [1] Citect Corporate Profile http://www.citect.com/index.php?option=com_content&task=view&id=94&Itemid=151