Thursday, June 6, 2013

Invensys ICS/SCADA fixes

Invensys published updates to fix CVE-2013-0688/CVE-2013-0684/CVE-2013-0686/CVE-2013-0685, discovered by the SCADA StrangeLove team during an assessment of ICS/SCADA based on ArchestrA System Platform. There are several trivial and some interesting bugs in Invensys Wonderware Information Server (WIS).
Patches (limited access): https://wdn.wonderware.com/sites/WDN/Pages/Downloads/Software.aspx
ICS-CERT advisory ICSA-13-113-01: https://ics-cert.us-cert.gov/advisories/ICSA-13-113-01


  • SQLi ~10 instances
  • XSS ~30 instances
  • XXE/XXE OOB/“ADSI Injection” and other interesting stuff…


    Credits: 
    Gleb Gritsai
    Nikita Mikhalevsky
    Timur Yunusov
    Denis Baranov
    Ilya Karpov
    Vyacheslav Egoshin
    Dmitry Serebryannikov
    Alexey Osipov
    Ivan Poliyanchuk
    Evgeny Ermakov
     

      Enjoy...

    Thanks to the Invensys security team for collaboration and rapid fixes.
