module
Schneider Modicon Ladder Logic Upload/Download
Disclosed | Created |
---|---|
Apr 5, 2012 | May 30, 2018 |
Description
The Schneider Modicon with Unity series of PLCs uses Modbus function
code 90 (0x5a) to send and receive ladder logic. The protocol is
unauthenticated, and allows a rogue host to retrieve the existing
logic and to upload new logic.

Two modes are supported: "SEND" and "RECV," which behave as one might
expect -- use 'set mode ACTIONAME' to use either mode of operation.

In either mode, FILENAME must be set to a valid path to an existing
file (for SENDing) or a new file (for RECVing), and the directory must
already exist. The default, 'modicon_ladder.apx', is a blank
ladder logic file which can be used for testing.

This module is based on the original 'modiconstux.rb' Basecamp module from
DigitalBond.
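
Because function code 90 carries no authentication, a network-side control is to alert when any host other than an approved engineering workstation sends it to a PLC. The following is an added example, not code from the module or from Metasploit; the allowlist, addresses, function names and sample frames are constructed assumptions, and port 502 is the standard Modbus/TCP port.

```python
import struct
from ipaddress import ip_address

MBAP_LEN = 7             # transaction id (2), protocol id (2), length (2), unit id (1)
MODBUS_TCP_PORT = 502
FC_LADDER_LOGIC = 0x5A   # function code 90, as named in the module description

def parse_adus(payload):
    """Yield (transaction_id, unit_id, function_code) per Modbus/TCP ADU in one TCP payload."""
    offset = 0
    while offset + MBAP_LEN + 1 <= len(payload):
        tid, proto, length, unit = struct.unpack_from(">HHHB", payload, offset)
        # Protocol id is always 0; length covers unit id + PDU (PDU is at most 253 bytes).
        if proto != 0 or not 2 <= length <= 254:
            return  # not Modbus/TCP or framing lost: stop rather than guess
        end = offset + 6 + length
        if end > len(payload):
            return  # ADU truncated at a segment boundary
        yield tid, unit, payload[offset + MBAP_LEN]
        offset = end

def flag_fc90(records, allowed_sources):
    """Alert on function code 90 sent to port 502 by a host outside the allowlist."""
    allowed = {ip_address(a) for a in allowed_sources}
    alerts = []
    for src, dst, dport, payload in records:
        if dport != MODBUS_TCP_PORT or ip_address(src) in allowed:
            continue
        for tid, unit, fc in parse_adus(payload):
            if fc == FC_LADDER_LOGIC:
                alerts.append({"src": src, "dst": dst, "unit": unit, "transaction": tid})
    return alerts

# Constructed sample frames (not captured traffic). The function code 90 body is
# two placeholder zero bytes, not a real ladder logic message.
READ_REGS = bytes.fromhex("00010000000601030000000a")   # function code 3
FC90 = bytes.fromhex("000200000004005a0000")            # function code 90
SAMPLE = [
    ("192.0.2.10", "192.0.2.50", 502, FC90),              # allowlisted workstation
    ("192.0.2.77", "192.0.2.50", 502, READ_REGS),         # ordinary register read
    ("192.0.2.77", "192.0.2.50", 502, READ_REGS + FC90),  # two ADUs in one segment
]

if __name__ == "__main__":
    for alert in flag_fc90(SAMPLE, ["192.0.2.10"]):
        print("ALERT function code 90 from unapproved host:", alert)
```

The parser handles one TCP payload at a time, so an ADU split across segments is skipped rather than misread; feeding it reassembled streams closes that gap.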
Authors
K. Reid Wightman wightman@digitalbond.com
todb todb@metasploit.com
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
