You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"description": "This module exploits a SQL injection vulnerability found in Advantech WebAccess 7.1. The\n vulnerability exists in the DBVisitor.dll component, and can be abused through malicious\n requests to the ChartThemeConfig web service. This module can be used to extract the site\n and project usernames and hashes.",
9854
+
"description": "This module exploits a SQL injection vulnerability found in Advantech WebAccess 7.1. The\n vulnerability exists in the DBVisitor.dll component, and can be abused through malicious\n requests to the ChartThemeConfig web service. This module can be used to extract the site\n and project usernames and hashes.",
"description": "This module abuses a directory traversal in GE Proficy Cimplicity, specifically on the\n gefebt.exe component used by the WebView, in order to retrieve arbitrary files with SYSTEM\n privileges. This module has been tested successfully on GE Proficy Cimplicity 7.5.",
9912
+
"description": "This module abuses a directory traversal in GE Proficy Cimplicity, specifically on the\n gefebt.exe component used by the WebView, in order to retrieve arbitrary files with SYSTEM\n privileges. This module has been tested successfully on GE Proficy Cimplicity 7.5.",
"description": "The Schneider Modicon with Unity series of PLCs use Modbus function\n code 90 (0x5a) to perform administrative commands without authentication.\n This module allows a remote user to change the state of the PLC between\n STOP and RUN, allowing an attacker to end process control by the PLC.\n\n This module is based on the original 'modiconstop.rb' Basecamp module from\n DigitalBond.",
9956
+
"description": "The Schneider Modicon with Unity series of PLCs use Modbus function\n code 90 (0x5a) to perform administrative commands without authentication.\n This module allows a remote user to change the state of the PLC between\n STOP and RUN, allowing an attacker to end process control by the PLC.\n\n This module is based on the original 'modiconstop.rb' Basecamp module from\n DigitalBond.",
"description": "The Schneider Modicon Quantum series of Ethernet cards store usernames and\n passwords for the system in files that may be retrieved via backdoor access.\n\n This module is based on the original 'modiconpass.rb' Basecamp module from\n DigitalBond.",
9997
+
"description": "The Schneider Modicon Quantum series of Ethernet cards store usernames and\n passwords for the system in files that may be retrieved via backdoor access.\n\n This module is based on the original 'modiconpass.rb' Basecamp module from\n DigitalBond.",
"description": "The Schneider Modicon with Unity series of PLCs use Modbus function\n code 90 (0x5a) to send and receive ladder logic. The protocol is\n unauthenticated, and allows a rogue host to retrieve the existing\n logic and to upload new logic.\n\n Two modes are supported: \"SEND\" and \"RECV,\" which behave as one might\n expect -- use 'set mode ACTIONAME' to use either mode of operation.\n\n In either mode, FILENAME must be set to a valid path to an existing\n file (for SENDing) or a new file (for RECVing), and the directory must\n already exist. The default, 'modicon_ladder.apx' is a blank\n ladder logic file which can be used for testing.\n\n This module is based on the original 'modiconstux.rb' Basecamp module from\n DigitalBond.",
10043
+
"description": "The Schneider Modicon with Unity series of PLCs use Modbus function\n code 90 (0x5a) to send and receive ladder logic. The protocol is\n unauthenticated, and allows a rogue host to retrieve the existing\n logic and to upload new logic.\n\n Two modes are supported: \"SEND\" and \"RECV,\" which behave as one might\n expect -- use 'set mode ACTIONAME' to use either mode of operation.\n\n In either mode, FILENAME must be set to a valid path to an existing\n file (for SENDing) or a new file (for RECVing), and the directory must\n already exist. The default, 'modicon_ladder.apx' is a blank\n ladder logic file which can be used for testing.\n\n This module is based on the original 'modiconstux.rb' Basecamp module from\n DigitalBond.",
"description": "The Moxa protocol listens on 4800/UDP and will respond to broadcast\n or direct traffic. The service is known to be used on Moxa devices\n in the NPort, OnCell, and MGate product lines. Many devices with\n firmware versions older than 2017 or late 2016 allow admin credentials\n and SNMP read and read/write community strings to be retrieved without\n authentication.\n\n This module is the work of Patrick DeSantis of Cisco Talos and K. Reid\n Wightman.\n\n Tested on: Moxa NPort 6250 firmware v1.13, MGate MB3170 firmware 2.5,\n and NPort 5110 firmware 2.6.",
10084
+
"description": "The Moxa protocol listens on 4800/UDP and will respond to broadcast\n or direct traffic. The service is known to be used on Moxa devices\n in the NPort, OnCell, and MGate product lines. Many devices with\n firmware versions older than 2017 or late 2016 allow admin credentials\n and SNMP read and read/write community strings to be retrieved without\n authentication.\n\n This module is the work of Patrick DeSantis of Cisco Talos and K. Reid\n Wightman.\n\n Tested on: Moxa NPort 6250 firmware v1.13, MGate MB3170 firmware 2.5,\n and NPort 5110 firmware 2.6.",
"description": "The EtherNet/IP CIP protocol allows a number of unauthenticated commands to a PLC which\n implements the protocol. This module implements the CPU STOP command, as well as\n the ability to crash the Ethernet card in an affected device.\n\n This module is based on the original 'ethernetip-multi.rb' Basecamp module\n from DigitalBond.",
10130
+
"description": "The EtherNet/IP CIP protocol allows a number of unauthenticated commands to a PLC which\n implements the protocol. This module implements the CPU STOP command, as well as\n the ability to crash the Ethernet card in an affected device.\n\n This module is based on the original 'ethernetip-multi.rb' Basecamp module\n from DigitalBond.",
"description": "Unitronics Vision PLCs allow remote administrative functions to control\n the PLC using authenticated PCOM commands.\n\n This module supports START, STOP and RESET operations.",
10227
+
"description": "Unitronics Vision PLCs allow remote administrative functions to control\n the PLC using authenticated PCOM commands.\n\n This module supports START, STOP and RESET operations.",
"description": "PhoenixContact Programmable Logic Controllers are built upon a variant of\n ProConOS. Communicating using a proprietary protocol over ports TCP/1962\n and TCP/41100 or TCP/20547.\n It allows a remote user to read out the PLC Type, Firmware and\n Build number on port TCP/1962.\n And also to read out the CPU State (Running or Stopped) AND start\n or stop the CPU on port TCP/41100 (confirmed ILC 15x and 17x series)\n or on port TCP/20547 (confirmed ILC 39x series)",
10267
+
"description": "PhoenixContact Programmable Logic Controllers are built upon a variant of\n ProConOS. Communicating using a proprietary protocol over ports TCP/1962\n and TCP/41100 or TCP/20547.\n It allows a remote user to read out the PLC Type, Firmware and\n Build number on port TCP/1962.\n And also to read out the CPU State (Running or Stopped) AND start\n or stop the CPU on port TCP/41100 (confirmed ILC 15x and 17x series)\n or on port TCP/20547 (confirmed ILC 39x series)",
"description": "This module allows an unauthenticated user to interact with the Yokogawa\n CENTUM CS3000 BKBCopyD.exe service through the PMODE, RETR and STOR\n operations.",
10308
+
"description": "This module allows an unauthenticated user to interact with the Yokogawa\n CENTUM CS3000 BKBCopyD.exe service through the PMODE, RETR and STOR\n operations.",
0 commit comments