Researcher Scrambles to Put Exploits in Safe Hands
Knapp has not yet had the chance to validate Gleg's package because the site appears to be under a denial-of-service attack, he said. Independent researcher Luigi Auriemma discovered other code-execution vulnerabilities and released them to the security community via the Bugtraq mailing list on March 21 so the "good guys can now do the work we need to do to fix this," Knapp said.SCADA software has the same kind of software vulnerabilities and design problems that can be found in any other program, including stack and heap overflows, integer overflows and other bugs, said Auriemma. SCADA bugs can allow arbitrary commands execution, directory traversals and memory corruptions, he said. Auriemma listed at least 34 vulnerabilities in SCADA programs that control and monitor hardware sensors and mechanisms located in industrial environments like gas pipelines, airports and other critical fields. Most of the bugs allow attackers to executive code, access sensitive data stored in configuration files and disrupt equipment using the software, Auriemma said. One of the exploits allowed the attacker to launch a denial-of-service attack against a Siemens Technomatix FactoryLink system. In the "best case scenario," a DoS attack against a SCADA system would just shut off visibility, Knapp said. SCADA's primary function is to collect information about what is happening in an automated environment, including data from pumps, temperature gauges and sensors, he said. A DoS may mean the processes will continue functioning, but there will be no information coming in about what's happening. The "worst case" would be shutting down the entire process so that nothing can function, Knapp said. A DoS attack on SCADA can stop the assembly lines at a manufacturing plant, and prevent electricity from being routed to needed areas and practically any other activity in a large industrial environment, he said. Auriemma identified multiple flaws in the following products: Siemens Technomatix FactoryLink, Iconics Genesis32 and Genesis64, 7-Technologies Interactive Graphical SCADA System, and Datac RealWin systems. While vendors have been working hard at fixing and securing their software, this vulnerability dump should be a "wake up call to the industry if they haven't already been woken up by Stuxnet already," Knapp said.
While Gleg effectively put the exploits in the wild, Auriemma ensured that the right people see the information, said Knapp.