The GLEG Agora SCADA+ Exploit pack is a collection of exploits that specifically target Industrial Control Systems (ICS) products. The inclusion of exploits for vulnerabilities in ICS products increases the ease with which an attacker could exploit these products.
Users of the affected products should reference the ICS-CERT and/or CVE information available in Table 2 and act on the mitigation actions specific to the vulnerability. Users of affected products that have no complete mitigation, such as a patch, should work to implement relevant defensive measures including but not limited to defense in depth strategies.
ICS-CERT has prepared this Alert to provide a list of the vulnerabilities possibly contained in this exploit pack to foster heightened awareness of these vulnerabilities and available mitigations. Table 1 outlines existing public ICS-CERT products related to the Agora SCADA+ Exploit Pack.
|Release Date||Product Name|
|April 6, 2011||ICSA-11-096-01— GLEG Agora SCADA+ Exploit Pack|
|April 21, 2011||ICS-ALERT-11-111-01—GLEG Agora SCADA+ Exploit Pack Update 1.1|
The information contained in this report is neither conclusive nor comprehensive since only a general list is available for the targeted products and exploits, with limited details. The information contained in Table 2 of this Alert represents a cursory and credible snapshot of the vulnerabilities that are likely included in the exploit pack, based on ICS-CERT analysis.
Table 2 below summarizes the possible vulnerabilities for which exploits are available in the Agora SCADA+ Exploit. ICS-CERT has identified 40 potential exploits.
|Vendor||Product||Vulnerability Type||CVE||ICS-CERT Product|
Fanuc Real Time
Denial of Service
Web Studio 7.0
Thin Client 7.0
Ethernet OPC Server
Denial of Service
Sentinel Keys Server 126.96.36.199
* Vulnerability predates ICS-CERT; therefore, no Advisory was published.
Toll Free: 1-888-282-0870