Industrial Control Systems (ICS) Banner Grabbing : MODBUS/TCP
What is banner grabbing?
Banner grabbing is the process of obtaining information about the infrastructure, or technology, behind a service. In...
Industrial Control Systems (ICS) are found in a variety of highly sensitive environments, and any effect on them, whether accidental or malicious, touches human lives: from food processing to nuclear plants, our lives would be altered in various ways.
Industrial environments such as power plants, nuclear plants, water treatment facilities and manufacturers, especially pharmaceutical ones because of COVID-19, have become attractive targets, with manufacturing and energy being the most attacked sectors in 2020[1].
Below we present a few strategies that, based on the responses to Modbus/TCP requests, make it possible to identify which protocol functions a PLC implements. The key observation is the exception code in the reply: a server that does not support a function code answers with exception 0x01 (Illegal Function), whereas one that supports it but rejects our arguments answers with 0x02 (Illegal Data Address) or 0x03 (Illegal Data Value), or with a normal response.
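As an added, runnable illustration of this approach (this is not code from the original post), the Python below builds Modbus/TCP request frames, validates replies and classifies each probed function code from the exception code it returns; it also decodes a Read Device Identification reply (FC 0x2B / MEI 0x0E), which is the closest thing Modbus has to a text banner. The "Acme" / "PLC-1" device-identification reply and the other sample frames are constructed for offline use, not captured from any real device. Only read-only function codes are probed, because a write request with a valid address would change process state, and a timeout, a dropped connection or a non-conclusive exception (0x04, 0x0A, 0x0B) is reported as unknown rather than counted either way.

```python
import socket
import struct

MBAP_LEN = 7                        # transaction id (2), protocol id (2), length (2), unit id (1)
EXC_ILLEGAL_FUNCTION = 0x01         # server does not support the function code
EXC_ILLEGAL_DATA_ADDRESS = 0x02     # function known, but the address was rejected
EXC_ILLEGAL_DATA_VALUE = 0x03       # function known, but the quantity/value was rejected

# Object ids in a Read Device Identification response (FC 0x2B, MEI type 0x0E).
DEVICE_ID_OBJECTS = {0: "VendorName", 1: "ProductCode", 2: "MajorMinorRevision", 3: "VendorUrl",
                     4: "ProductName", 5: "ModelName", 6: "UserApplicationName"}

# Read-only probes only: a write with a valid address would change process state.
READ_ONLY_PROBES = {
    0x01: struct.pack(">HH", 0, 1),        # Read Coils, 1 coil at address 0
    0x02: struct.pack(">HH", 0, 1),        # Read Discrete Inputs
    0x03: struct.pack(">HH", 0, 1),        # Read Holding Registers
    0x04: struct.pack(">HH", 0, 1),        # Read Input Registers
    0x11: b"",                             # Report Server ID
    0x2B: bytes([0x0E, 0x01, 0x00]),       # Read Device Identification, basic objects
}

def build_frame(tid, unit, pdu):
    """MBAP header + PDU; the length field counts the unit id byte plus the PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def build_request(tid, unit, function, data=b""):
    return build_frame(tid, unit, bytes([function]) + data)

def parse_response(frame):
    """Validate the MBAP header and split the PDU into function, exception code and data."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame too short")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("not a well-formed MBAP header")
    fc = frame[MBAP_LEN]
    if fc & 0x80:                           # exception: high bit set, then one exception-code byte
        if len(frame) < MBAP_LEN + 2:
            raise ValueError("exception response without a code byte")
        return {"tid": tid, "unit": unit, "function": fc & 0x7F,
                "exception": frame[MBAP_LEN + 1], "data": b""}
    return {"tid": tid, "unit": unit, "function": fc, "exception": None, "data": frame[MBAP_LEN + 1:]}

def classify(tid, function, frame):
    """From the reply to a probe sent with transaction id `tid`, decide whether `function` is implemented."""
    try:
        resp = parse_response(frame)
    except (TypeError, ValueError):
        return "unknown"                    # None after a timeout, or not a well-formed reply
    if resp["tid"] != tid or resp["function"] != function:
        return "unknown"                    # stale or unrelated reply
    exc = resp["exception"]
    if exc is None or exc in (EXC_ILLEGAL_DATA_ADDRESS, EXC_ILLEGAL_DATA_VALUE):
        return "implemented"                # normal reply, or the server parsed our arguments, so it knows the FC
    # 0x01 is the only conclusive negative; 0x04 (server failure) or 0x0A/0x0B (gateway) prove nothing.
    return "not implemented" if exc == EXC_ILLEGAL_FUNCTION else "unknown"

def parse_device_id(data):
    """Decode the object list of a Read Device Identification reply (bytes after FC 0x2B)."""
    if len(data) < 6 or data[0] != 0x0E:
        raise ValueError("not a Read Device Identification response")
    count, pos, objects = data[5], 6, {}
    for _ in range(count):                  # each object: id (1), length (1), value (length)
        if pos + 2 > len(data) or pos + 2 + data[pos + 1] > len(data):
            raise ValueError("truncated object list")
        oid, olen = data[pos], data[pos + 1]
        objects[DEVICE_ID_OBJECTS.get(oid, "object_0x%02x" % oid)] = data[pos + 2:pos + 2 + olen].decode("ascii", "replace")
        pos += 2 + olen
    return objects

def probe(host, port=502, unit=1, timeout=3.0):
    """Send each read-only probe over one TCP connection and classify the replies."""
    results = {}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for tid, (fc, data) in enumerate(READ_ONLY_PROBES.items(), start=1):
            try:
                sock.sendall(build_request(tid, unit, fc, data))
                reply = sock.recv(260)      # largest Modbus/TCP ADU is 260 bytes
            except OSError:                 # timeout, or connection closed by the device
                reply = None
            results[fc] = classify(tid, fc, reply)
    return results

# Constructed replies (not captured from a real device) so the classifier can be exercised offline.
SAMPLE_REPLIES = {
    0x01: build_frame(1, 1, bytes([0x81, EXC_ILLEGAL_FUNCTION])),       # Read Coils unsupported
    0x03: build_frame(2, 1, bytes([0x03, 0x02, 0x00, 0x0A])),          # one holding register = 10
    0x04: build_frame(3, 1, bytes([0x84, EXC_ILLEGAL_DATA_ADDRESS])),  # supported, address 0 invalid
    0x2B: build_frame(4, 1, bytes([0x2B, 0x0E, 0x01, 0x01, 0x00, 0x00, 0x03])
                      + b"\x00\x04Acme" + b"\x01\x05PLC-1" + b"\x02\x04V1.0"),
}

def demo():
    """Classify the constructed replies; transaction ids 1..4 follow SAMPLE_REPLIES order."""
    return {fc: classify(tid, fc, frame) for tid, (fc, frame) in enumerate(SAMPLE_REPLIES.items(), start=1)}
```

Against a lab device, probe("10.0.0.5") (a hypothetical address) returns a dict of function code to implemented / not implemented / unknown, and parse_device_id() applied to the data of a successful 0x2B reply gives the vendor, product code and firmware revision. Some PLCs reply to unsupported codes with silence or with Server Device Failure (0x04) instead of Illegal Function, which is why the classifier treats those as inconclusive rather than as absent.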
Affected device (Tested): OZW672.06
OZW devices are used for the remote monitoring of building control equipment, for example heating or air conditioning systems.
Climatix - BACnet Communication Card (by Siemens Building Technologies): this device is a module that allows communication via BACnet / IP.
The KMC BACnet Building Controller BAC-A1616BC has a "backdoor" on the embedded web service.
In our laboratory we were able to identify and reproduce a vulnerability which enables the construction and delivery of Modbus protocol frames to...
Today we will be presenting a vulnerability classified as critical found in Omron NS 1.1 / 1.2 / 1.3, which allows remote attackers to bypass authentication via a direct request to the resource "/monitor.html".
We will be reviewing some known vulnerabilities present in various Schneider Electric devices.