module
PhoenixContact PLC Remote START/STOP Command
| Disclosed | Created |
|---|---|
| 2015-05-20 | 2018-05-30 |
Disclosed
2015-05-20
Created
2018-05-30
Description
PhoenixContact Programmable Logic Controllers are built upon a variant of
ProConOS. Communicating using a proprietary protocol over ports TCP/1962
and TCP/41100 or TCP/20547.
It allows a remote user to read out the PLC Type, Firmware and
Build number on port TCP/1962.
And also to read out the CPU State (Running or Stopped) AND start
or stop the CPU on port TCP/41100 (confirmed ILC 15x and 17x series)
or on port TCP/20547 (confirmed ILC 39x series)
ProConOS. Communicating using a proprietary protocol over ports TCP/1962
and TCP/41100 or TCP/20547.
It allows a remote user to read out the PLC Type, Firmware and
Build number on port TCP/1962.
And also to read out the CPU State (Running or Stopped) AND start
or stop the CPU on port TCP/41100 (confirmed ILC 15x and 17x series)
or on port TCP/20547 (confirmed ILC 39x series)
Author
Tijl Deneut tijl.deneut@howest.be
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.