FYI...

- http://isc.sans.org/diary.html?storyid=4997
Last Updated: 2008-09-08 23:45:34 UTC ...(Version: 5) - "In June we talked about a SCADA buffer overflow vulnerability discovered by CORE that affected the CitectSCADA product. It could allow a remote un-authenticated attacker to force DoS or to execute arbitrary code on vulnerable systems. The patch was available at that time, so if you have not patched or taken extreme security precautions and countermeasures yet, you have another reason to do so today! This weekend, Kevin Finisterre has published a working exploit in the form of a Metasploit (MSF) module that demosntrates how critical this vulnerability aginst the ODBC service is. The original CORE advisory* details the vulnerability ( http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-2639 )... our DShield service shows a peak in the wild associated to the target vulnerable port (TCP/20222)**."
* http://www.coresecurity.com/content/citect...e-vulnerability

** http://www.dshield.org/port.html?port=20222

"...a Snort signature to detect the SCADACitect ODBC exploit has been released ..."
- http://www.digitalbond.com/index.php/2008/...or-citect-vuln/