Two minor vulnerabilities in Clorius Controls ICS SCADA

Spent some time playing with Shodan over the weekend, neat tool!! Since SCADA is popular, I searched for those devices and poked around a bit, but nothing intrusive. Found out Clorius Controls A/S makes a product called ICS SCADA, it looks like. Noticed a couple of minor vulnerabilities:

1. The Server HTTP header makes the devices easy to fingerprint:

HTTP/1.1 200 OK
Server: ISC SCADA Service HTTPserv:00001
Date: Sun, 03 Feb 2013 00:41:51 GMT
Cache-Control: no-cache, max-age=0, must-revalidate
Content-Type: text/html
Content-Length: 879
Last-Modified: Wed, 24 Jun 2009 02:07:04 GMT

2. /html/info.html reveals the firmware version, internal IP, and MAC address of the device without authenticating. Output from two live examples:

Firmware Version 00.00.0110
Script Version 01.01.00
IP-adresse 172.64.1.100
AI 0
AO 0
DI 0
DO 0
MAC-adresse 0026B980A7C1

Firmware Version 00.00.0095
Script Version 01.01.00
IP-adresse 192.168.1.100
AI 0
AO 0
DI 0
DO 0
MAC-adresse 00215E95D34E
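
For anyone running these devices: a small audit sketch, added here as an example and not part of the original post or any vendor tooling, that takes the response headers and the /html/info.html text saved from your own device and lists what each one gives away. The function names (`parse_info_page`, `audit`) are made up for this example, and the sample inputs are excerpts of the output quoted above.

```python
import ipaddress
import re

# Constructed inputs: excerpts of the header block and the first info.html
# output quoted in the post, as they would look saved from your own device.
SAMPLE_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ISC SCADA Service HTTPserv:00001\r\n"
    "Content-Type: text/html\r\n"
)
SAMPLE_INFO = (
    "Firmware Version 00.00.0110\nScript Version 01.01.00\n"
    "IP-adresse 172.64.1.100\nAI 0\nAO 0\nDI 0\nDO 0\n"
    "MAC-adresse 0026B980A7C1\n"
)

# Page label -> key in the parsed record (labels taken from the quoted output).
FIELDS = {"Firmware Version": "firmware", "Script Version": "script",
          "IP-adresse": "ip", "MAC-adresse": "mac"}


def parse_info_page(text):
    """Split each 'label value' line on its last space; keep known labels."""
    record = {}
    for line in text.splitlines():
        label, _, value = line.strip().rpartition(" ")
        if label in FIELDS:
            record[FIELDS[label]] = value
    return record


def audit(headers, info_text):
    """Return a list of disclosure findings for one device."""
    findings = []
    banner = re.search(r"^Server:[ \t]*(.+?)\s*$", headers, re.M | re.I)
    if banner:
        findings.append("identifying Server banner: " + banner.group(1))
    rec = parse_info_page(info_text)
    if "firmware" in rec:
        findings.append("firmware version exposed: " + rec["firmware"])
    if "ip" in rec:
        addr = ipaddress.ip_address(rec["ip"])
        scope = "private range" if addr.is_private else "not a private range"
        findings.append(f"configured IP exposed: {addr} ({scope})")
    if re.fullmatch(r"[0-9A-Fa-f]{12}", rec.get("mac", "")):
        findings.append("MAC exposed, vendor OUI " + rec["mac"][:6].upper())
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS, SAMPLE_INFO):
        print(finding)
```

The address check uses Python's `ipaddress` module, so it also shows whether the configured address really sits in a private range.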


One Response to “Two minor vulnerabilities in Clorius Controls ICS SCADA”

  1. scada Says:

    In a complete shameless plug, we have a free 30 day trial of our Scada software to check out if you are interested:
    http://www.completescada.com/downloads/downloads.php
