CitectSCADA ODBC service exploit published

In June we talked about a SCADA buffer overflow vulnerability discovered by CORE that affected the CitectSCADA product. It could allow a remote un-authenticated attacker to force DoS or to execute arbitrary code on vulnerable systems. The patch was available at that time, so if you have not patched or taken extreme security precautions and countermeasures yet, you have another reason to do so today!

This weekend, Kevin Finisterre has published a working exploit in the form of a Metasploit (MSF) module that demosntrates how critical this vulnerability aginst the ODBC service is. The original CORE advisory details the vulnerability (CVE-2008-2639), the paper associated to the exploit summarizes all the details about the exploit and related research, and the working exploit publicly available for MSF provides access to a command prompt with the privileges of the currently running Citect process. In fact, our DShield service shows a peak in the wild associated to the target vulnerable port (TCP/20222).

Time to act!!

Raul Siles

Raul Siles

152 Posts
Sep 8th 2008

Sign Up for Free or Log In to start participating in the conversation!