IN10-502: Canadian CCIRC Vulnerability Note

The Canadian Cyber Incident Response Centre Information (CCIRC) Information Note IN10-502 on Cyber Threats and Vulnerabilities Against SCADA Systems summarizes hundreds of pages of security bulletins into a succinct four page document.

 

This note covers 5 important Vulnerabilities and also includes information on the SHODAN Search Engine.

 

Downloadable PDF Data sheet for the Modbus TCP Enforcer - describes features and benefits for modbus securityCCIRC IN10-502 (22 kb)  No distribution permitted - see details below. 

 

The Vulnerabilities covered are:

1.    Modbus/TCP OPC Server Vulnerability (November 18)
2.    Realflex Technologies Ltd. Realwin SCADA Vulnerability (November 9)
3.    VTScada Internet Server Access Privileges Exploitation (October 26)
4.    MOXA Device Manager Buffer Overflow Vulnerability (October 20)
5.    BACnet OPC Client Buffer Overflow Vulnerability (September 21)

 

The additonal topic covered is:
The SHODAN Search Engine

 

No distribution permitted

You are accessing this document because you are a bona fide ICS or SCADA security professional.  Do not redistribute this information or post it on the internet. 

 

If you know someone who would like this document, please send them the link:

http://www.tofinosecurity.com/user/register

to register for this website to obtain access. (You cannot go to this link right now because you are logged into this website.  The link works for people who are not logged in.)