Another zero-day exploit for SCADA systems
Security specialist Ruben Santamarta has published code demonstrating a flaw in the web-based virtualisation software WebAccess from BroadWin. The code reportedly allows a flaw in WebAccess Network Service's RPC interface to be exploited allowing code to be injected. Santamarta says he informed ICS-CERT in advance, and the firm contacted the vendor.
ICS-CERT said that the vendor was not able to confirm the flaw. Santamarta later wrote that the vendor denied the flaw's existence, so he published the exploit. In lieu of a patch, ICS-CERT recommendsPDF that BroadWin users protect their systems with a firewall and use VPNs for remote access. BroadWin software is used around the world and is also sold by Advantech.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump