Operating System:

[Win]

Published:

23 March 2011

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2011.0023
       Multiple vulnerabilities reported in multiple SCADA products
                               23 March 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              RealFlex RealWin
                      Siemens Tecnomatix FactoryLink
                      Iconics GENESIS32
                      Iconics GENESIS64
                      7-Technologies IGSS
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:           Mitigation
Member content until: Friday, April 22 2011

OVERVIEW

        A security researcher has released thirty-four security advisories 
        affecting Supervisory Control and Data Acquisition (SCADA) systems.
        The vendors affected are:
        
           Siemens Tecnomatix FactoryLink [1]
           Iconics GENESIS32 and GENESIS64 [2]
           7-Technologies IGSS (Interactive Graphical SCADA System) [3]
           RealFlex RealWin [4]
        
        AusCERT has not confirmed any of these vulnerabilties. Proof of concept
        is available.
        
        RealFlex is investigating the report. [5]


IMPACT

        Remote code execution may be possible without authentication.


MITIGATION

        AusCERT recommends that users' of SCADA systems restrict access to
        the network in which the system resides.  Access to these hosts and 
        networks should be restricted via Virtual Private Network (VPN) and
        not be accessible via public Internet Protocol address space.
        
        The affected products and the relevant ports are as follows:
        
          Siemens Tecnomatix FactoryLink
            7580 CSService (Windows Service)
            7579 vrn.exe server
            6096 datasrv
        
          Iconics GENESIS32 and GENESIS64
            38080 GenBroker (Windows Service)
          
          IGSS (Interactive Graphical SCADA System)
            12401 IGSSdataServer.exe
            12397 dc.exe
        
          RealFlex RealWin
            910/TCP
            912/TCP


REFERENCES

        [1] ICS-ALERT-11-080-01 MULTIPLE VULNERABILITIES IN SIEMENS TECNOMATIX
            FACTORYLINK
            http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-01.pdf

        [2] ICS-ALERT-11-080-02 MULTIPLE VULNERABILITIES IN ICONICS GENESIS
            (32 & 64)
            http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-01.pdf

        [3] ICS-ALERT-11-080-03 MULTIPLE VULNERABILITIES IN 7-TECHNOLOGIES IGSS
            http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf

        [4] ICS-ALERT-11-080-04 MULTIPLE VULNERABILITIES IN REALFLEX REALWIN
            http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf

        [5] SCADA - RealFlex Technologies Ltd. - SECURE SCADA SOFTWARE
            http://www.realflex.com/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://www.auscert.org.au/1967

iD8DBQFNiWYA/iFOrG6YcBERAvuCAJ4vOL5btWjEL6uiPvr/nO2ZsdCvJACgtyQ5
KbDo9zSZckMp9/mPePoNmiw=
=jpWy
-----END PGP SIGNATURE-----