At last I've ready a video demo of the vulnerability I found last year in the PLC Modicon M340. It was eventually catalogued as:
- ICS Cert advisory ICSA-17-054-03
- NIST CVE 2017-6017
Other vulnerability databases mentioned it as well:
Ok, then, this is the demo video of the vulnerability (https://www.youtube.com/watch?v=9rz4rI82dWM):
This is very dangerous because an attacker could turn off very easily any of the more than 600 modicon devices currently accesible in internet:
For more information about this vulnerability, visit my previous entry in this blog talking about it.
I currently have an exploit both in python and Ruby, will publish them once the accessible vulnerable devices in shodan go below 100.
Meanwhile, there are many other toys waiting!!
No hay comentarios:
Publicar un comentario