Metasploit Exploit Module Released For PLC SCADA Devices
Digital Bond and Rapid7 partner to move additional Project Basecamp PLC exploits to the Metasploit Framework
January 20, 2012
PRESS RELEASE
MIAMI BEACH, Fla. & BOSTON--(BUSINESS WIRE)--Digital Bond and Rapid7 announced today at the S4 Conference the release of a new Metasploit module to exploit the GE D20 PLC, and a partnership to move additional Project Basecamp PLC exploits to the Metasploit Framework. There are additional GE D20 modules in QA, and plans to move the Basecamp exploits of Rockwell Automation, Schneider Modicon, and Koyo/Direct LOGIC exploits into Metasploit modules. PLCs are the components in SCADA networks that control critical infrastructure, including power plants, pipelines, chemical manufacturing, water treatment, etc.
Dale Peterson, founder of Digital Bond, said, “We felt it was important to provide tools that showed critical infrastructure owners how easy it is for an attacker to take control of their system with potentially catastrophic results. These attacks have existed in theory for a while, but were difficult to demonstrate to a Plant Manager. By creating exploit modules for the most widely used exploit framework - Metasploit - we hope that security professionals in critical infrastructure companies, consultants, and penetration testers will prod vendors to add basic security measures to PLCs after decades of neglect.”
A collaboration between the open source community and Rapid7, Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments, providing true security risk intelligence. Metasploit editions – ranging from a free edition to professional enterprise editions – are all based on the Metasploit Framework, an open source software development kit with the world's largest, public collection of quality-assured exploits. The Framework is currently downloaded more than one million times per year and used and enhanced further by over 125,000 security community members.
“The Basecamp modules show the flexibility of the Metasploit Framework,” said HD Moore, Metasploit Chief Architect and CSO of Rapid7. “While most Metasploit modules exploit traditional workstations and servers, these modules are exploiting special purpose devices and will even demonstrate the ability to provide interactive control of a critical system, turning things on and off.”
Project Basecamp and the resulting tools were presented at Digital Bond’s S4 Conference in Miami Beach. A team of six researchers assessed the security of six widely used PLCs in critical infrastructure in front of an audience of leading SCADA security researchers from around the world.
About Digital Bond
Digital Bond is a SCADA and DCS security consulting and research practice that began working on control systems in 2000. Digitalbond.com is the most popular site for SCADA security information and free SCADA security tools. For more information about Digital Bond email [email protected] or call 954-315-4633.
About Rapid7
Rapid7 is the leading provider of security risk intelligence solutions. Rapid7's integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,700 enterprises and government agencies in more than 65 countries worldwide, while the Company's free products are downloaded more than one million times per year and used and enhanced further by over 125,000 security community members. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024