工控安全

Havex Rat又一个针对ICS/SCADA系统的恶意软件

F-secure的安全研究人员于早前发现了一种针对ICS/SCADA系统的恶意软件,该恶意程序的操作者通过水坑攻击的方式经由web漏洞替换了ICS/SCADA系统制造商软件下载的方式,实现针对特殊使用群体的定向攻击,而Havex Rat除了传统的远控木马所具备的功能外,Havex Rat还能枚举当前网络中的OPC服务器,包含服务器名,OPC版本,厂商,Group,ITem等。根据ICS-CERT测试已经确定Havex可能会导致一些常见的OPC服务崩溃。

注:OPC是Object Linking and Embedding(OLE)for Process Control的缩写,它是微软公司的对象链接和嵌入技术在过程控制方面的应用。由一些世界上占领先地位的自动化系统和硬件、软件公司与微软(Microsoft)紧密合作而建立的,OPC基金会负责OPC规范的制定和发布。OPC提出了一套统一的标准,采用CLIENT/SERVER模式,针对硬件设备的驱动程序由硬件厂商或专门的公司完成,提供具有统一OPC接口的SERVER程序,软件厂商按照OPC标准访问SERVER程序,即可实现与硬件设备的通信。 

F-secure链接
ICS-CERT警报

 

About Z-0ne

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

最新工业控制系统漏洞

ICS-CERT Advisory Feed
Philips iSite and IntelliSpace PACS

This medical device advisory includes mitigations for a weak password Requirements vulnerability in the Philips iSite and IntelliSpace PACS.. . . read more Thu, 08 Nov 2018 09:31:46 EST

Roche Diagnostics Point of Care Handheld Medical Devices (Update A)

This updated medical device advisory is a follow-up to the original advisory titled ICSMA-18-310-01 Roche Point of Care Handheld Medical Devices that. . . read more Tue, 06 Nov 2018 11:08:42 EST

AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition)

This advisory includes mitigations for stack-based buffer overflow and empty password in configuration file vulnerabilities in AVEVA’s InduSoft Web. . . read more Thu, 01 Nov 2018 10:15:37 EDT

Schneider Electric Software Update (SESU) (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-18-305-02 Schneider Electric Software Update that was published November 1,. . . read more Thu, 01 Nov 2018 10:10:16 EDT

Circontrol CirCarLife

This advisory includes mitigations for authentication bypass using an alternate path or channel and insufficiently protected credentials vulnerabiliti. . . read more Thu, 01 Nov 2018 10:05:21 EDT

Fr. Sauter AG CASE Suite

This advisory includes mitigations for an improper restriction of XML External Entity Reference vulnerability in Fr. Sauter AG's CASE Suite softw. . . read more Thu, 01 Nov 2018 10:00:11 EDT

PEPPERL+FUCHS CT50-Ex

This advisory includes mitigations for an improper privilege management vulnerability in the PEPPERL+FUCHS CT50-Ex ecom mobile computer.. . . read more Tue, 30 Oct 2018 12:23:28 EDT

GEOVAP Reliance 4 SCADA/HMI

This advisory includes mitigations for a cross-site scripting vulnerability in GEOVAP's Reliance 4 SCADA/HMI system.. . . read more Thu, 25 Oct 2018 10:05:11 EDT

Advantech WebAccess

This advisory includes mitigations for stack-based buffer overflow, and improper access control vulnerabilities in Advantech's WebAccess.. . . read more Thu, 25 Oct 2018 10:00:11 EDT

Advantech WebAccess

This advisory includes mitigations for stack-based buffer overflow, external control of file name or path, improper privilege management, and path tra. . . read more Tue, 23 Oct 2018 10:10:09 EDT

GAIN Electronic Co. Ltd SAGA1-L Series

This advisory includes mitigations for authentication bypass by capture-relay, improper access control, and improper authentication vulnerabilities in. . . read more Tue, 23 Oct 2018 10:05:48 EDT

Telecrane F25 Series

This advisory includes mitigations for an authentication bypass by capture-replay vulnerability in the Telecrane F25 Series software.. . . read more Tue, 23 Oct 2018 10:00:54 EDT

Omron CX-Supervisor

This advisory includes mitigations for improper restriction of operations within the bounds of a memory buffer, out-of-bounds read, use-after-free, an. . . read more Wed, 17 Oct 2018 08:55:45 EDT

LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA

This advisory includes mitigations for untrusted pointer dereference, out-of-bounds read, integer overflow to buffer overflow, path traversal, out-of-. . . read more Tue, 16 Oct 2018 14:44:39 EDT

NUUO NVRmini2 and NVRsolo

This advisory includes mitigations for stack-based buffer overflow and leftover debug code vulnerabilities in NUUO's NVRmini2 and NVRsolo network. . . read more Thu, 11 Oct 2018 10:10:11 EDT

NUUO CMS

This advisory includes mitigations for use of insufficiently random values, use of obsolete function, incorrect permission assignment for critical res. . . read more Thu, 11 Oct 2018 10:05:11 EDT

Delta Industrial Automation TPEditor

This advisory includes mitigations for out-of-bounds write and stack-based buffer overflow vulnerabilities in the Delta Industrial Automation TPEditor. . . read more Thu, 11 Oct 2018 10:00:20 EDT

GE iFix

This advisory includes mitigations for an unsafe ActiveX control marked safe for scripting vulnerability in a Gigasoft component affecting GE’s iFix. . . read more Tue, 09 Oct 2018 10:30:34 EDT

Siemens SCALANCE W1750D

This advisory includes mitigations for a cryptographic issues vulnerability in Siemens' SCALANCE W1750D direct access point hardware.. . . read more Tue, 09 Oct 2018 10:25:37 EDT

Siemens ROX II

This advisory includes mitigations for improper privilege management vulnerabilities in the Siemens ROX II products.. . . read more Tue, 09 Oct 2018 10:20:19 EDT