SCADA stands for Supervisory Control And Data Acquisition. These are the systems which are spread over a wide area, used in controlling and managing industrial environments, to know more about SCADA read our post An Introduction To SCADA Systems.

In this post about SCADA I will be telling you how to find vulnerable SCADA systems. So for finding vulnerable SCADA we will be using a search engine know as Shodanwhich stands for Sentient Hyper-Optimized Data Access Network. Those of you who are not aware of Shodan, it is a search engine which scans the entire internet for the systems running specific service like HTTP, FTP, Telnet, SMTP, SSH. Shodan is also know as "Google For Hackers".





We will be using Shodan for finding vulnerable SCADA systems, Shodan can't only be used to find SCADA, it can also find others like IIS.


Here are some useful queries:
  • http://www.shodanhq.com/?q=port:161+country:US+simatic
  • http://www.shodanhq.com/?q=PLC
  • http://www.shodanhq.com/?q=allen+bradley
  • http://www.shodanhq.com/?q=fanuc
  • http://www.shodanhq.com/?q=Rockwell
  • http://www.shodanhq.com/?q=Cimplicity
  • http://www.shodanhq.com/?q=Omron
  • http://www.shodanhq.com/?q=Novatech
  • http://www.shodanhq.com/?q=Citect
  • http://www.shodanhq.com/?q=RTU
  • http://www.shodanhq.com/?q=Modbus+Bridge
  • http://www.shodanhq.com/?q=modicon
  • http://www.shodanhq.com/?q=bacnet
  • http://www.shodanhq.com/?q=telemetry+gateway
  • http://www.shodanhq.com/?q=SIMATIC
  • http://www.shodanhq.com/?q=hmi
  • http://www.shodanhq.com/?q=siemens+-…er+-Subscriber
  • http://www.shodanhq.com/?q=scada+RTS
  • http://www.shodanhq.com/?q=SCHNEIDER
  • http://www.shodanhq.com/?q=port%3A161+simatic
  • http://www.shodanhq.com/?q=telemetry+gateway
  • http://www.shodanhq.com/?q=%22cisco-ios%22%20%22last-modified%22

After getting the SCADA, they can be brute forced or Bypassing Authentication can be used.


Search results include information like HTTP server responses to GET requests, FTP and Telnet service banners and client/server messages exchanged during login attempts, and SSH banners (including server versions).

SCADA Systems can be secured using the following techniques:

-Systems must be placed behind the firewalls
-VPN [Virtual Private Network] must be used for secure remote access.
-For preventing brute force attacks, account lockup methods must be used.
-Strong passwords must be used.

0 comments:

Post a Comment

 
Top