Metasploit modules that can be used to exploit Rockwell Automation products

- Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
  Disclosure Date: 2020-06-22
  First seen: 2020-11-20
  exploit/windows/scada/rockwell_factorytalk_rce
  This module exploits a series of vulnerabilities to achieve unauthenticated remote code execution on the Rockwell FactoryTalk View SE SCADA product as the IIS user. The attack relies on the chaining of five separate vulnerabilities. The first vulnerability is an unauthenticated project copy request, the second is a directory traversal, and the third is a race condition. In order to achieve full remote code execution on all targets, two information leak vulnerabilities are also abused. This exploit was used by the Flashback team (Pedro Ribeiro + Radek Domanski) in Pwn2Own Miami 2020 to win the EWS category.
  Authors:
  - Pedro Ribeiro <pedrib@gmail.com>
  - Radek Domanski <radek.domanski@gmail.com>
- DoS Exploitation of Allen-Bradley's Legacy Protocol (PCCC)
  First seen: 2020-04-26
  auxiliary/dos/scada/allen_bradley_pccc
  A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition. MicroLogix 1100 controllers are affected: 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. CVE-2017-7924 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned.

4 Metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.