Comments on: SCADA/HMI Security: Vulnerabilities in GE Fanuc iFIX http://www.mcgrewsecurity.com/2009/02/01/hmi-security-vulnerabilities-in-ifix/ Thu, 05 Jan 2012 11:44:23 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: DustinV http://www.mcgrewsecurity.com/2009/02/01/hmi-security-vulnerabilities-in-ifix/#comment-522 DustinV Mon, 02 Feb 2009 20:28:20 +0000 http://www.mcgrewsecurity.com/?p=306#comment-522 At the conf., missed getting the slides! "Missed it by this much"! At the conf., missed getting the slides! “Missed it by this much”!

]]> By: Liquidmatrix Security Digest » McGrew On Vulnerabilities In GE Fanuc iFIX http://www.mcgrewsecurity.com/2009/02/01/hmi-security-vulnerabilities-in-ifix/#comment-521 Liquidmatrix Security Digest » McGrew On Vulnerabilities In GE Fanuc iFIX Mon, 02 Feb 2009 17:04:36 +0000 http://www.mcgrewsecurity.com/?p=306#comment-521 [...] Article Link Tag It: [...] [...] Article Link Tag It: [...]

]]> By: admin http://www.mcgrewsecurity.com/2009/02/01/hmi-security-vulnerabilities-in-ifix/#comment-520 admin Mon, 02 Feb 2009 11:36:26 +0000 http://www.mcgrewsecurity.com/?p=306#comment-520 Hi Erik! I haven't used Network Miner for this specifically, however I have used it in the past for ripping files out of SMB traffic. Excellent tool :) Hi Erik!

I haven’t used Network Miner for this specifically, however I have used it in the past for ripping files out of SMB traffic. Excellent tool :)

]]> By: Erik H http://www.mcgrewsecurity.com/2009/02/01/hmi-security-vulnerabilities-in-ifix/#comment-519 Erik H Mon, 02 Feb 2009 09:47:18 +0000 http://www.mcgrewsecurity.com/?p=306#comment-519 Interesting slides! My spontaneous reaction is that the GE Fanuc developers suck at authentication. And this is not the first time they screw it up. I remember that Eyal Udassin presented a vulnerability, at the S4 (Security Scientific Symposium) conference in 2008, where the Fanc system “encrypted” the password with Base64 before sending it over the network. More info here: http://www.digitalbond.com/index.php/2008/01/26/ge-fanuc-vulnerabilities/ But sending the whole xtcompat.utl file with SMB is even worse! Have you tried sniffing the file transfer with NetworkMiner in order to automatically rebuild the transferred XTCOMPAT.UTL file to disk? You can do live sniffing or just parse a pcap file with the SMB transfer in it. More information on extracting files from pcap’s with Network Miner can be found here: http://networkminer.wiki.sourceforge.net/NetworkMiner Interesting slides! My spontaneous reaction is that the GE Fanuc developers suck at authentication. And this is not the first time they screw it up. I remember that Eyal Udassin presented a vulnerability, at the S4 (Security Scientific Symposium) conference in 2008, where the Fanc system “encrypted” the password with Base64 before sending it over the network. More info here:
http://www.digitalbond.com/index.php/2008/01/26/ge-fanuc-vulnerabilities/

But sending the whole xtcompat.utl file with SMB is even worse! Have you tried sniffing the file transfer with NetworkMiner in order to automatically rebuild the transferred XTCOMPAT.UTL file to disk? You can do live sniffing or just parse a pcap file with the SMB transfer in it. More information on extracting files from pcap’s with Network Miner can be found here: http://networkminer.wiki.sourceforge.net/NetworkMiner

]]>