ExCraft SCADA Pack Updates:
latest updates are posted to Twitter:

1.60 April 26, 2019
  • Newport_Electronics_iDRN_iDRX_Signal_Conditioners.py - Newport Electronics iDRN-iDRX Signal Conditioners ActiveX Control Remote File Overwrite Vulnerability. 0-Day
  • Newport_Electronics_ActiveX.py - Newport Electronics iDRX ActiveX 1.3 Control Remote File Overwrite Vulnerability. 0-Day
  • AGG_Software_OPC_HTTP_Gateway_Directory_Traversal.py - AGG Software OPC HTTP Gateway Premium Directory Traversal. 0-Day
  • AGG_Software_OPC_Scada_Viewer_Directory_Traversal.py - AGG Software OPC Scada Viewer Directory Traversal. 0-Day
1.59 March 25, 2019
  • Cogent_DataHub_8x_DoS.py - Remote Denial Of Service in Cogent Datahub 8.0.x. 0-Day
  • SchneiderElectric_SEIG_ModBus_DoS.py - Remote Denial Of Service in Schneider Electric SEIG Modbus driver. oldCVE (somehow missed that vuln earlier in our pack)
  • LSIS_XPServiceController_DoS.py - Remote Denial Of Service in LSIS XP-Server XPServiceController. 0-Day
  • WAGO_PFC200_PLC_series_DoS.py - Remote Denial Of Service in WAGO PFC200 PLC. CVE-2018-8836
  • Simple_SCADA_Directory_Traversal.py - Simple-Scada Directory Traversal and file Delete Vulnerability. 0-Day
1.58 February 26, 2019
  • LeCroy EasyScope ActiveX ExportStyle Method Remote Code Execution. [0-Day]
  • Tibbo aggregate 5.51.10 DoS. [0-Day]
  • Advantech Webaccess 8.3.2 Dashboard Time-based Blind SQL Injection. [0-Day]
1.57 January 26, 2019
  • advantech_webaccess_8_3_2_dashboardconfig_afd2.py - Advantech Webaccess 8.3.2 Dashboard Config Arbitrary File Download. 0-Day
  • advantech_webaccess_8_3_2_dashboardeditor_afu_rce.py - Advantech Webaccess 8.3.2 Dashboard Editor AFU (ArbitraryFileUpload) RCE. 0-Day
  • advantech_webaccess_8_3_2_dashboardconfig_afu_rce.py - Advantech Webaccess 8.3.2 Dashboard Config AFU RCE. 0-Day
1.56 December 25, 2018
  • advantech_webaccess_8_3_2_dashboardeditor_afd.py - Advantech WebAccess 8.3.2 Dashboard Editor Arbitrary Folder Download. 0-Day
  • DataRate_Project_Code_Execution.py - DataRate SCADA v4.1 Code Execution via fake project. 0-Day
  • ICPDAS_eLogger_Arbitrary_File_Upload.py - vulnerability in ICPDAS eLogger RuntimeXP allows for file upload. 0-Day
  • OpenAPC_BeamServer_DoS.py - OpenAPC BeamServer Denial of Service. 0-Day
1.55 November 25, 2018
  • BLUE_Open_Studio_8_0_RCE - arbitrary built-in command execution vuln. 0-Day
  • Delta_Industrial_Automation_Robot_DRAStudio_Arbitrary_File_Disclosure.py - Directory Traversal leads to files Disclosure. 0-Day
  • Delta_Industrial_Automation_Robot_DRAStudio_Arbitrary_File_Upload.py - Directory Traversal. leads to files upload. 0-Day
  • VBASE_VOKSERVER_Info_Disclosure.py - Directory Traversal. leads to files Disclosure. 0-Day