All information products included in http://ics-cert.us-cert.gov are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see http://www.us-cert.gov/tlp/.
The GLEG Agora SCADA+ Exploit pack is a collection of exploits that specifically target Industrial Control Systems (ICS) products. The inclusion of exploits for vulnerabilities in ICS products increases the ease with which an attacker could exploit these products.
Users of the affected products should reference the ICS-CERT and/or CVE information available in Table 2 and act on the mitigation actions specific to the vulnerability. Users of affected products that have no complete mitigation, such as a patch, should work to implement relevant defensive measures including but not limited to defense in depth strategies.
ICS-CERT has prepared this Alert to provide a list of the vulnerabilities possibly contained in this exploit pack to foster heightened awareness of these vulnerabilities and available mitigations. Table 1 outlines existing public ICS-CERT products related to the Agora SCADA+ Exploit Pack.
|Release Date||Product Name|
|April 6, 2011||ICSA-11-096-01— GLEG Agora SCADA+ Exploit Pack|
|April 21, 2011||ICS-ALERT-11-111-01—GLEG Agora SCADA+ Exploit Pack Update 1.1|
The information contained in this report is neither conclusive nor comprehensive since only a general list is available for the targeted products and exploits, with limited details. The information contained in Table 2 of this Alert represents a cursory and credible snapshot of the vulnerabilities that are likely included in the exploit pack, based on ICS-CERT analysis.
Table 2 below summarizes the possible vulnerabilities for which exploits are available in the Agora SCADA+ Exploit. ICS-CERT has identified 40 potential exploits.
|Vendor||Product||Vulnerability Type||CVE||ICS-CERT Product|
Fanuc Real Time
Denial of Service
Web Studio 7.0
Thin Client 7.0
Ethernet OPC Server
Denial of Service
Sentinel Keys Server 18.104.22.168
* Vulnerability predates ICS-CERT; therefore, no Advisory was published.
For any questions related to this report, please contact the NCCIC at:
Toll Free: 1-888-282-0870
The NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.