Russian security team to upgrade SCADA exploit tool

Gleg plans to add the latest public SCADA exploits into a penetration testing tool from Immunity

A Russian security company plans to release an upgraded exploit pack for industrial control software that incorporates a raft of new vulnerabilities released by an Italian security researcher.

The three-person company, called Gleg, is based in Moscow and specializes in vulnerability research. It recently began focusing on problems within SCADA (supervisory control and data acquisition) systems, which are used in factories, utilities and many other kinds of industrial applications, said Yuriy Gurkin, Gleg's CEO.

Gleg works with the Miami company Immunity, which sells a tool called Canvas, which is a framework for penetration testers wanting to try out the latest exploits against software vulnerabilities, along the same lines as the Metasploit tool.

Gleg supplies Immunity with exploit packs, which are add-ons with specific kinds of exploits, for Canvas. Gleg's main product is Agora, which integrates with Canvas. Agora is regularly updated with publicly disclosed zero-day, or new, vulnerabilties and those discovered by its research team.

About two weeks ago, Gleg released Agora SCADA+, a new add-on for Canvas, Gurkin said. It contains 27 exploits for SCADA software and will mostly likely have around 35 exploits when an upgrade is released next week, he said.

Gurkin said Gleg is incorporating the exploits written by Luigi Ariemma, who found about 50 vulnerabilities in four SCADA products made by Siemens, Iconics, 7-Technologies and Datac. All four companies had products with remotely exploitable vulnerabilities.

On his website, Ariemma self-published vulnerability details, which were also published on Bugtraq. He did not inform the vendors prior to releasing the information, something that is considered bad form by some in the security community. Officials at two of the vendors -- 7-Technologies and Datac -- said earlier this week they were working on patches.

Gurkin said he believes responsible disclosure practices are out of date.

"We, like Luigi, don't notify vendors," Gurkin said. "This is a waste of time."

However, Gleg's partner Immunity does vet organizations that are interested in buying Canvas to verify they are not going to use the product in a malicious way.

Gurkin said he has seen increasing requests from companies for SCADA audits. "Sometimes our partners who use different SCADA software ask us to check something they have, with terms like 'You give us recommendations, we give you access to the system'," he said.

The high-profile Stuxnet malware has also prompted wider concern, he said. Stuxnet is a worm that was designed to target Siemens' WinCC industrial control software. It was packaged with four zero-day exploits for Microsoft Windows. It is now widely believed that Stuxnet was designed to disrupt Iran's uranium enrichment program.

SCADA software was often not intended to be connected to the Internet, but nonetheless more companies have done that anyway, which poses security risks, Gurkin said. Companies in the SCADA field are also not as open as other software companies about exchanging security tips and knowledge, he said.

A three-month subscription for Agora SCADA+ costs $US2,250, which includes updates to the exploit pack and a single license for the Canvas framework. A one-year subscription costs $5,400 and also comes with one Canvas license.

Send news tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags Immunityintrusionsecuritydata breachsoftwareExploits / vulnerabilitiesmalwareGleg

More about AgoraMicrosoftSiemens

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts