Sunday, December 27, 2015

32C3 slides

Slides and video from 32C3 The Great Train Cyber Robbery talk.

SCADAPASS #32C3 Release

Special Chaos Communication Congress release.
List of default passwords for industrial control system components.

Kudos to  Oxana Andreeva (

37 vendors.
PLC, RTU, HMI, gateways, switches, servers, wireless AP, etc.

Tuesday, December 22, 2015

Now Declared Capabilities

Neat FAQ about the hardcoded password in the Siemens SIPROTEC 4 protective relay.

"SIPROTEC 4 and SIPROTEC Compact devices allow the display of extended internal statistics and test information... 

Sunday, December 13, 2015

The Great Train Cyber Robbery on #32C3

Christmas is coming and we are excited to visit Chaos Communication Congress in Hamburg and to speak there.

The 32C3 Fahrplan looks perfect and we hope you will be able to visit our talk. It's difficult, though, because of the excellent agenda full of wonderful reports...

Saturday, October 10, 2015

Saturday, September 19, 2015

Huawei advisory for HWPSIRT-2015-05103

Huawei published an advisory on the Huawei MBB (Mobile Broadband) product E3272s.

It's all about the "Bootkit via SMS" research presented at PacSec and HITB by Timur Yunusov, Kirill Nesterov, and Alexander Zaitsev.

More info: Huawei-SA-20150817-01-MBB

Huawei states it's a DoS. Let it be the DoS.


Monday, September 14, 2015

Sunny WebBox Fix

CVE-2015-3964: SMA Solar Technology AG Sunny WebBox (monitoring solution for medium-sized PV plants) Hardcoded Account Vulnerability is fixed. Presented at 31C3 by Alexander Timorin.

Thursday, August 6, 2015

SCADA with antenna

Sometimes you can meet a SCADA with an antenna.
Sometimes it's an old and boring 802.11 Wi-Fi antenna.
Sometimes it's a cool bright new 3G/4G device.

Tuesday, August 4, 2015

A Few Facts on IEC61850 in China

A Few Facts on IEC61850-based Substation Integration & Automation in China by Mr Jim Y Cai, Dr Gao Xiang and Dr. Jun Zha:
- In 2013, 10 000 substations from 35KV to 10000KV with 100% 61850 based IEDs are in operation
- By the end of 2013, 893 fully digital substations with process bus are in operation

See you there

Monday, July 20, 2015

Bootkit via SMS (updated)

Updated slides of the Bootkit via SMS research as presented at HITB by Timur Yunusov and Kirill Nesterov.
New stuff: user tracking, "infection" statistics, suddenly vxWorks.

Monday, May 18, 2015

Friends don't let friends put SCADA on the Internet

New analytic research on ICS component vulnerabilities.

146 137 are online; (at least) 15000 can be hacked by a script kiddie.

Pictures below

Tuesday, May 5, 2015

More news from nowhere

Fixes for Inductive Automation Ignition 7.7.2. Bugs by Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai. Simple bugs, simple list.

Now or never. CIA vs Schneider Electric

A few bugs in InduSoft Web Studio and InTouch Machine Edition 2014, recently fixed by Schneider Electric, were discovered during the PHDays Critical Infrastructure Attack challenge. Kudos @alisaesage. For bless you.

Absolutely old-school-community-driven-responsible-disclosure in action. Many emotions left behind.


Tuesday, February 17, 2015

Monday, February 16, 2015

Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes

New vulnerabilities from our team and new patches from Siemens.

CVE-2015-1358 and CVE-2014-4686 are all about VNC code reuse.

CVE-2015-1355 and CVE-2015-1356: we can't really call these vulnerabilities. Local weaknesses, defects in security feature implementations… But they are fixed, thanks Siemens.