Downloading the firmware
The device's firmware has been downloaded and decompiled.
Key resources in the extracted filesystem are then read, such as "/etc/shadow".
The password hashes it contains are immediately sent for cracking.
Only the hash belonging to the user "ACS" could be broken.
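Added example (not part of the original write-up and not vendor tooling): a firmware-review check that parses the /etc/shadow of an unpacked image and lists the accounts that ship with a usable or empty password, flagging legacy hash schemes. The shadow entries, account names and function names are constructed for illustration.

```python
# Added example: audit /etc/shadow from an unpacked firmware image.
# SAMPLE_SHADOW is constructed for illustration; it is not device data.
SAMPLE_SHADOW = """\
root:$6$saltsalt$EXAMPLEHASHEXAMPLEHASH:17000:0:99999:7:::
svcuser:$1$abcdefgh$EXAMPLEMD5CRYPTHASH000:17000:0:99999:7:::
legacy:abJnggxhB/yJk:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
ftp:!$1$abcdefgh$EXAMPLEMD5CRYPTHASH000:17000:0:99999:7:::
guest::17000:0:99999:7:::
"""

# crypt(3) scheme identifiers found between the first two '$' characters.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"descrypt", "md5crypt"}  # legacy schemes that should not ship

def classify(field):
    """Return (status, scheme) for the password field of one shadow entry."""
    if field == "":
        return "empty-password", None
    if field.startswith(("!", "*")):
        return "locked", None          # password login disabled
    if field.startswith("$"):
        parts = field.split("$")
        scheme = SCHEMES.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    elif len(field) == 13:
        scheme = "descrypt"            # traditional 13-character DES crypt
    else:
        scheme = "unknown"
    return "hash-present", scheme

def audit_shadow(text):
    """List (user, status, scheme, weak_scheme) for every non-locked account."""
    findings = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2:
            continue                   # blank or malformed line
        status, scheme = classify(fields[1])
        if status != "locked":
            findings.append((fields[0], status, scheme, scheme in WEAK))
    return findings

if __name__ == "__main__":
    for finding in audit_shadow(SAMPLE_SHADOW):
        print(finding)
```

Any account this reports is a credential baked into every device running that image, so it belongs in the release review before the firmware is published.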
The "Shodan" platform (https://shodan.io) is then used to provide a representative sample of the degree of exposure of the device under analysis.
The search criterion (dork) used was: "ProFTPD 1.3.1 Server (Siemens Switzerland Ltd.)"
We then validate the credentials by cross-checking them against the results obtained. As shown in the screenshot below, the credentials are valid.
Report: This vulnerability was duly reported to Siemens. However, the problem was already known. A CVE was assigned to it: CVE-2017-6872.
Device manual: https://www.downloads.siemens.com/download-center/Download.aspx?pos=download&fct=getasset&id1=A6V10744843