SCADA/HMI Security: Vulnerabilities in GE Fanuc iFIX
I’m all settled in at the Walt Disney Dolphin resort hotel, registered for the SANS SCADA Summit, and just finished up going over my slides one more time.
I’m going to go ahead and make the slides available now, so anyone interested in attending the talk tomorrow can go ahead and get them. If you’re not at the Summit, then here’s your little slice of it:
- Sorry, not here anymore (right-click, save as)
It’s about 3 megs (pictures :), and they compressed ugly when I tried).
<redacted>
Edit: A few folks have asked: SANS did not ask for the slides to be removed. They’re totally cool, and have been great to me and the other speakers during this conference.
Interesting slides! My spontaneous reaction is that the GE Fanuc developers suck at authentication. And this is not the first time they screw it up. I remember that Eyal Udassin presented a vulnerability, at the S4 (Security Scientific Symposium) conference in 2008, where the Fanc system “encrypted” the password with Base64 before sending it over the network. More info here:
http://www.digitalbond.com/index.php/2008/01/26/ge-fanuc-vulnerabilities/
But sending the whole xtcompat.utl file with SMB is even worse! Have you tried sniffing the file transfer with NetworkMiner in order to automatically rebuild the transferred XTCOMPAT.UTL file to disk? You can do live sniffing or just parse a pcap file with the SMB transfer in it. More information on extracting files from pcap’s with Network Miner can be found here: http://networkminer.wiki.sourceforge.net/NetworkMiner
Hi Erik!
I haven’t used Network Miner for this specifically, however I have used it in the past for ripping files out of SMB traffic. Excellent tool :)
[...] Article Link Tag It: [...]
At the conf., missed getting the slides! “Missed it by this much”!