SCADA/ICS Analysis Module

| Module Detection ID | Module Detection Name | Module Detection Description | Risk Factor | Legacy PASL ID |
|---|---|---|---|---|
| 21 | Siemens S7 Server Detection | S7 is a Siemens proprietary communications protocol. The S7 communications protocol is used extensively in the Siemens S7 software and device product line, including the S7-200, S7-300, and S7-400 programmable logic controllers (PLCs). S7 can be encapsulated in several different protocols, including PROFIBUS, MPI, and TCP. The S7 traffic detected here is encapsulated in TCP using TPKT and COTP. | INFO | 7160 |
| 22 | Siemens S7 Client Detection | S7 is a Siemens proprietary communications protocol. The S7 communications protocol is used extensively in the Siemens S7 software and device product line, including the S7-200, S7-300, and S7-400 programmable logic controllers (PLCs). S7 can be encapsulated in several different protocols, including PROFIBUS, MPI, and TCP. The S7 traffic detected here is encapsulated in TCP using TPKT and COTP. | INFO | 7159 |
| 23 | COTP Server Detection | The Connection-Oriented Transport Protocol (COTP) is an Open Systems Interconnection (OSI) transport layer protocol. COTP is defined in ISO 8073. In this instance, COTP is being transported via TCP using TPKT. | INFO | 7158 |
| 24 | COTP Client Detection | The Connection-Oriented Transport Protocol (COTP) is an Open Systems Interconnection (OSI) transport layer protocol. COTP is defined in ISO 8073. In this instance, COTP is being transported via TCP using TPKT. | INFO | 7157 |
| 25 | Siemens S7-200 Series PLC Detection | A Siemens S7-200 Series PLC has been detected. The Siemens S7-200 Series is a family of PLCs which supports the manufacturer's own proprietary S7 protocol. | INFO | 7193 |
| 26 | Siemens S7-300 Series PLC Detection | A Siemens S7-300 Series PLC has been detected. The Siemens S7-300 Series is a family of PLCs which supports the manufacturer's own proprietary S7 protocol. | INFO | 7194 |
| 27 | Siemens S7-400 Series PLC Detection | A Siemens S7-400 Series PLC has been detected. The Siemens S7-400 Series is a family of PLCs which supports the manufacturer's own proprietary S7 protocol. | INFO | 7195 |
| 28 | Siemens S7-1200 Series PLC Detection | A Siemens S7-1200 Series PLC has been detected. The Siemens S7-1200 Series is a family of PLCs which supports the manufacturer's own proprietary S7 protocol. | INFO | 7196 |
| 29 | Siemens S7-1500 Series PLC Detection | A Siemens S7-1500 Series PLC has been detected. The Siemens S7-1500 Series is a family of PLCs which supports the manufacturer's own proprietary S7 protocol. | INFO | 7197 |
| 30 | TPKT Client Detection | ISO Transport Service on top of TCP (TPKT) is defined in RFCs 1006 and 2126. Open Systems Interconnection (OSI) protocols as defined by the International Organization for Standardization (ISO) can be encapsulated in TCP using TPKT. TPKT emulates the OSI protocol Transport Service Access Point (TSAP). TCP port 102 is reserved for hosts which implement TPKT; however, it is not required that port 102 be used for all connections. One example of a protocol that uses TPKT but does not use port 102 is Microsoft's Remote Desktop Protocol (RDP), which uses TCP port 3389. | INFO | 7155 |
| 31 | TPKT Server Detection | ISO Transport Service on top of TCP (TPKT) is defined in RFCs 1006 and 2126. Open Systems Interconnection (OSI) protocols as defined by the International Organization for Standardization (ISO) can be encapsulated in TCP using TPKT. TPKT emulates the OSI protocol Transport Service Access Point (TSAP). TCP port 102 is reserved for hosts which implement TPKT; however, it is not required that port 102 be used for all connections. One example of a protocol that uses TPKT but does not use port 102 is Microsoft's Remote Desktop Protocol (RDP), which uses TCP port 3389. | INFO | 7156 |
| 32 | Siemens S7-300 Series PLC CPU Firmware <= 3.2.11 DoS | Siemens S7-300 PLC central processing units (CPUs) contain an unspecified flaw that may allow a remote attacker to use a specially crafted packet to cause the device to enter defect mode until a cold restart is performed. | HIGH | 7225 |
| 33 | MODBUS/TCP Device Identification Object Detection | MODBUS Device Identification objects provide information related to the physical and functional properties of a device. Objects in the Basic Device Identification category include vendor name, product code, and revision number. Objects in the Regular Device Identification category include the Basic Device Identification category objects in addition to vendor URL, product name, model name, and user application name. | INFO | 7148 |
| 34 | Schneider Electric Modicon Quantum PLC Detection | A Schneider Electric Modicon Quantum PLC has been detected. The Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications and high availability solutions. | INFO | 7149 |
| 35 | Schneider Electric Modicon M340 PLC Detection | A Schneider Electric Modicon M340 PLC has been detected. The Schneider Electric Modicon M340 is a compact programmable logic controller (PLC) suitable for a wide range of automation applications. The Modicon M340 is sometimes deployed in conjunction with the Modicon Premium and Modicon Quantum PLCs. | INFO | 7150 |
| 36 | Schneider Electric Modicon Premium PLC Detection | A Schneider Electric Modicon Premium PLC has been detected. The Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications and high availability solutions. | INFO | 7151 |
| 37 | Multiple Schneider Electric Modicon PLC Modules Directory Traversal | Schneider Electric Ethernet modules for Modicon M340, Modicon Quantum, and Modicon Premium PLCs, in addition to Modicon Momentum, Modicon TSX Micro, and Modicon STB modules that provide HTTP services, contain a directory traversal vulnerability. Attackers can remotely bypass web server authentication, thereby achieving unauthenticated administrative access and control of the device. | CRITICAL | 7154 |
| 38 | Multiple Schneider Electric Modicon M340 Ethernet Modules Remote Denial of Service | Certain Schneider Electric Modicon M340 Programmable Logic Controller (PLC) Ethernet modules contain a vulnerability that allows remote, authenticated users to crash the Ethernet module via specially crafted FTP traffic. This vulnerability has been demonstrated using the FileZilla FTP client. Affected M340 Ethernet modules are the BMXNOE0100, BMXNOE0110, and BMXP342020. | MEDIUM | 7161 |
| 39 | MODBUS/TCP 'Return Query Data' Function Code Detection (SCADA) | The MODBUS/TCP client has sent a MODBUS server a Return Query Data request. The Return Query Data request, function code 8 (0x08) and subfunction code 0 (0x00), will cause the target server to echo the request sent to it. This function is typically implemented only in serial devices. | INFO | 7099 |
| 40 | MODBUS/TCP 'Restart Communications' Function Code Detection (SCADA) | The MODBUS/TCP client has sent a MODBUS server a Restart Communications request. The Restart Communications request, function code 8 (0x08) and subfunction code 1 (0x01), will cause the target server to reinitialize and restart its communication port. This function is typically implemented only in serial devices. | INFO | 7100 |
| 41 | MODBUS/TCP 'Force Listen Mode' Function Code Detection (SCADA) | The MODBUS/TCP client has sent a MODBUS server a Force Listen Mode request. The Force Listen Mode request, function code 8 (0x08) and subfunction code 4 (0x04), will cause the target server to enter listen-only mode; i.e., it will not send any responses. This function is typically implemented only in serial devices. | INFO | 7101 |
| 42 | MODBUS/TCP 'Clear Counters and Diagnostic Register' Function Code Detection (SCADA) | The MODBUS/TCP client has sent a MODBUS server a Clear Counters and Diagnostic Register request. The Clear Counters and Diagnostic Register request, function code 8 (0x08) and subfunction code 10 (0x0A), will cause the target server to clear its counters and the diagnostic register. This function is typically implemented only in serial devices. | INFO | 7102 |
| 43 | MODBUS/TCP 'Report Server ID' Function Code Detection (SCADA) | The MODBUS/TCP client has sent a MODBUS server a Report Server ID request. The Report Server ID request, function code 17 (0x11), will cause the target server to respond with the server ID, run indicator status, and other information. This function is typically implemented only in serial devices. | INFO | 7103 |
| 44 | MODBUS/TCP 'CANopen' Function Code Detection (SCADA) | The MODBUS/TCP client is transporting the CANopen protocol. Function code 43 (0x2B) and subfunction code 13 (0x0D) indicate that the CANopen protocol is encapsulated in MODBUS. | INFO | 7104 |
| 45 | MODBUS/TCP 'Device Identification' Function Code Detection (SCADA) | The MODBUS/TCP client has sent a MODBUS server a Device Identification request. The Device Identification request, function code 43 (0x2B) and subfunction code 14 (0x0E), will cause the target server to return device identification information. | INFO | 7105 |
| 46 | MODBUS/TCP Server Detection | A MODBUS/TCP server (also known as a MODBUS/TCP slave) has been detected. MODBUS/TCP is a SCADA protocol widely used in industrial manufacturing and other industries. | INFO | 7092 |
| 47 | MODBUS/TCP Client Detection | A MODBUS/TCP client (also known as a MODBUS/TCP master) has been detected. MODBUS/TCP is a SCADA protocol widely used in industrial manufacturing and other industries. | INFO | 7091 |
| 48 | DNP3/TCP Master Detection | A DNP3/TCP master has been detected. DNP3 is a communications protocol used in SCADA systems, primarily in the electric utility industry. | INFO | 7089 |
| 49 | DNP3/TCP 'Cold Restart' Function Code Detection (SCADA) | The DNP3/TCP master has sent an outstation the Cold Restart command. The Cold Restart command, function code 13 (0x0D), will cause the target outstation to perform a cold restart. | INFO | 7094 |
| 50 | DNP3/TCP 'Warm Restart' Function Code Detection (SCADA) | The DNP3/TCP master has sent an outstation the Warm Restart command. The Warm Restart command, function code 14 (0x0E), will cause the target outstation to perform a warm restart. | INFO | 7095 |
| 51 | DNP3/TCP 'Stop Application' Function Code Detection (SCADA) | The DNP3/TCP master has sent an outstation the Stop Application command. The Stop Application command, function code 18 (0x12), will cause the target outstation to stop an application. | INFO | 7096 |
| 52 | DNP3/TCP 'Disable Unsolicited Messages' Function Code Detection (SCADA) | The DNP3/TCP master has sent an outstation the Disable Unsolicited Messages command. The Disable Unsolicited Messages command, function code 21 (0x15), will cause the target outstation to stop sending unsolicited messages. | INFO | 7097 |
| 53 | Progea Movicon Client Detection via TCP | A Progea Movicon Client has been detected. Progea Movicon is SCADA/HMI software for industrial automation, remote control, and building automation. | INFO | 7119 |
| 54 | Progea Movicon Server Detection via TCP | A Progea Movicon Server has been detected. Progea Movicon is SCADA/HMI software for industrial automation, remote control, and building automation. | INFO | 7121 |
| 55 | Progea Movicon Client Detection via HTTP | A Progea Movicon Client has been detected. Progea Movicon is SCADA/HMI software for industrial automation, remote control, and building automation. Movicon Clients use a proprietary communications protocol to access real-time data from Movicon Servers. This proprietary communications protocol may use TCP, UDP, or HTTP as a transport protocol. The Movicon Client detected is using HTTP as a transport protocol. | INFO | 7122 |
| 56 | Progea Movicon Server Detection via HTTP | A Progea Movicon Server has been detected. Progea Movicon is SCADA/HMI software for industrial automation, remote control, and building automation. Movicon Clients use a proprietary communications protocol to access real-time data from Movicon Servers. This proprietary communications protocol may use TCP, UDP, or HTTP as a transport protocol. The Movicon Server detected is using HTTP as a transport protocol. | INFO | 7123 |
| 57 | Progea Movicon Client Detection via UDP | A Progea Movicon Client has been detected. Progea Movicon is SCADA/HMI software for industrial automation, remote control, and building automation. Movicon Clients use a proprietary communications protocol to access real-time data from Movicon Servers. This proprietary communications protocol may use TCP, UDP, or HTTP as a transport protocol. The Movicon Client detected is using UDP as a transport protocol. | INFO | 7124 |
| 58 | Progea Movicon Server Detection via UDP | A Progea Movicon Server has been detected. Progea Movicon is SCADA/HMI software for industrial automation, remote control, and building automation. Movicon Clients use a proprietary communications protocol to access real-time data from Movicon Servers. This proprietary communications protocol may use TCP, UDP, or HTTP as a transport protocol. The Movicon Server detected is using UDP as a transport protocol. | INFO | 7125 |
| 59 | Progea Movicon < 11.4 Build 1150 Information Disclosure Vulnerability | The detected version of Progea Movicon contains an information disclosure vulnerability. This vulnerability is related to the TCPUploader module, which could allow a remote and unauthenticated user to obtain OS version information. | MEDIUM | 7128 |
| 60 | Progea Movicon < 11.3 Memory Corruption Vulnerability | The detected version of Progea Movicon contains a memory corruption vulnerability. This vulnerability can be exploited by sending a specially crafted HTTP POST request to the Movicon OPC server. The specially crafted HTTP POST will cause the application to read out-of-bounds memory, resulting in a denial of service. | HIGH | 7129 |
| 61 | Progea Movicon < 11.2 Build 1086 Multiple Vulnerabilities | The detected version of Progea Movicon is affected by multiple vulnerabilities: a remote heap-based buffer overflow vulnerability related to erroneous parsing of the Content-Length HTTP request header (CVE-2011-3491); a remote heap-based buffer overflow vulnerability related to HTTP requests (CVE-2011-3498); and a remote denial of service vulnerability related to an EIDP packet with too large a size field. The specially crafted EIDP packet will cause the application to crash, and there is the possibility of arbitrary code execution (CVE-2011-3499). | CRITICAL | 7142 |
| 62 | Accuenergy Acuvim II AXM-NET 3.04 Multiple Vulnerabilities | An Accuenergy Acuvim II AXM-NET module containing multiple vulnerabilities has been detected. The Accuenergy Acuvim AXM-NET Ethernet module contains an authentication bypass vulnerability which can be exploited remotely by accessing a specific web server URL. An attacker could modify the network settings of the AXM-NET module, but would not have access to the settings for the Acuvim II power meter (CVE-2014-2373). The Accuenergy Acuvim AXM-NET Ethernet module also contains a password disclosure vulnerability related to JavaScript password validation. An authenticated attacker could modify the network settings of the AXM-NET module, but would not have access to the settings for the Acuvim II power meter (CVE-2014-2374). | HIGH | 7162 |
| 63 | Rockwell Automation/Allen-Bradley MicroLogix 1400 Detection | A Rockwell Automation/Allen-Bradley MicroLogix 1400 PLC has been detected. The MicroLogix 1400 is a PLC which supports EtherNet/IP, DNP3/TCP, Modbus/TCP, Modbus/RTU, and DNP3/ASCII. | INFO | 7146 |
| 64 | Rockwell Automation/Allen-Bradley MicroLogix 1400 Series A <= 7 and Series B <= 15.000 DNP3 Remote DoS | Rockwell Automation/Allen-Bradley MicroLogix 1400 programmable logic controllers (PLCs) contain a denial of service vulnerability related to the DNP3 protocol stack. Successful exploitation of this vulnerability results in the PLC becoming non-responsive, and recovery requires a power cycle. This vulnerability can be exploited by sending a series of malformed DNP3 packets to the MicroLogix 1400's DNP3 interface. The MicroLogix 1400's DNP3 interface can be either a serial or Ethernet port. Note that DNP3 is disabled by default in MicroLogix 1400 PLCs and that this vulnerability can be exploited only in devices that have DNP3 enabled. | HIGH | 7147 |
| 65 | Rockwell Automation/Allen-Bradley MicroLogix 1100 Detection | A Rockwell Automation/Allen-Bradley MicroLogix 1100 PLC has been detected. The MicroLogix 1100 is a PLC which supports serial and networked communication over a built-in RS-232/RS-485 combo port and Ethernet peer-to-peer communications over its built-in EtherNet/IP port. | INFO | 7188 |
| 66 | Rockwell Automation/Allen-Bradley MicroLogix 1000 Detection | A Rockwell Automation/Allen-Bradley MicroLogix 1000 PLC has been detected. The MicroLogix 1000 is a PLC which supports serial and networked communication over a built-in RS-232/RS-485 combo port. The MicroLogix 1000 can also support Ethernet peer-to-peer communications when outfitted with the 1761-NET-ENI communications module, which supports EtherNet/IP. | INFO | 7189 |
| 67 | Rockwell Automation/Allen-Bradley CompactLogix 1768 Detection | A Rockwell Automation/Allen-Bradley CompactLogix 1768 PLC has been detected. The CompactLogix 1768 is a PLC which supports EtherNet/IP and serial communications. | INFO | 7190 |
| 68 | Rockwell Automation/Allen-Bradley CompactLogix 1769 L23x/L3x Detection | A Rockwell Automation/Allen-Bradley CompactLogix 1769 L23x/L3x PLC has been detected. The CompactLogix 1769 L23x/L3x is a PLC which supports integrated serial, EtherNet/IP and ControlNet communications, as well as modular extensibility for DeviceNet support. | INFO | 7191 |
| 69 | Rockwell Automation/Allen-Bradley CompactLogix 1769 5370 Series Detection | A Rockwell Automation/Allen-Bradley CompactLogix 1769 5370 Series PLC has been detected. The CompactLogix 1769 5370 Series is a PLC which supports EtherNet/IP communications. | INFO | 7192 |
| 70 | Rockwell Automation/Allen-Bradley MicroLogix 1400 SNMP Remote Privilege Escalation | Rockwell Automation/Allen-Bradley MicroLogix 1400 programmable logic controllers (PLCs) contain an undocumented, high-privileged SNMP community string. This may allow an unauthorized remote attacker to make changes to the device's configuration or update the firmware. | MEDIUM | 7221 |
| 71 | Schneider Electric Modicon TSX Micro PLC Detection | A Schneider Electric Modicon TSX Micro PLC has been detected. The Schneider Electric Modicon TSX Micro is a compact, modular programmable logic controller (PLC) for OEM machine builders and infrastructure. | INFO | 7153 |
| 72 | Ethernet Industrial Protocol (EtherNet/IP) Implicit Message Detection | EtherNet/IP is a communications protocol used in industrial automation applications. EtherNet/IP implements the Common Industrial Protocol (CIP) at the session and application layers and uses TCP as a transport protocol for CIP explicit messages and UDP as a transport protocol for CIP implicit messages. CIP explicit messages are typically used to transmit configuration, diagnostic, and event data. CIP implicit messages are used for real-time I/O data transfer. An EtherNet/IP implicit message has been detected. | INFO | 7113 |
| 73 | Ethernet Industrial Protocol (EtherNet/IP) Client Explicit Message Detection | EtherNet/IP is a communications protocol used in industrial automation applications. EtherNet/IP implements the Common Industrial Protocol (CIP) at the session and application layers and uses TCP as a transport protocol for CIP explicit messages and UDP as a transport protocol for CIP implicit messages. CIP explicit messages are typically used to transmit configuration, diagnostic, and event data. CIP implicit messages are used for real-time I/O data transfer. An EtherNet/IP explicit message has been detected. | INFO | 7114 |
| 74 | Ethernet Industrial Protocol (EtherNet/IP) Server Explicit Message Detection | EtherNet/IP is a communications protocol used in industrial automation applications. EtherNet/IP implements the Common Industrial Protocol (CIP) at the session and application layers and uses TCP as a transport protocol for CIP explicit messages and UDP as a transport protocol for CIP implicit messages. CIP explicit messages are typically used to transmit configuration, diagnostic, and event data. CIP implicit messages are used for real-time I/O data transfer. An EtherNet/IP explicit message has been detected. | INFO | 7115 |
| 75 | Common Industrial Protocol (CIP) Identity Object Detection | The Common Industrial Protocol (CIP) Identity Object provides identification of and general information about a CIP-enabled device. The CIP Identity Object detected provides the following information: Vendor ID, Device Type, Product Code, Revision, and Product Name. | INFO | 7144 |
| 76 | Rockwell Automation/Allen-Bradley MicroLogix 1100 L16xxx < 10.000 HTTP Remote DoS | Rockwell Automation MicroLogix 1100 PLCs contain an unspecified flaw in the password mechanism that may allow a remote denial of service. The issue is only present when the HTTP server is enabled. This may allow a remote attacker to cause the program to crash. | HIGH | 7198 |
| 77 | Rockwell Automation/Allen-Bradley MicroLogix 1400 1766-L32xxx Series A < 7.000 / Series B <= 11.000 HTTP Remote DoS | Rockwell Automation MicroLogix 1400 PLCs contain an unspecified flaw in the password mechanism that may allow a remote denial of service. The issue is only present when the HTTP server is enabled. This may allow a remote attacker to cause the program to crash. | HIGH | 7199 |
| 78 | WellinTech KingSCADA Client Detection via TCP | WellinTech KingSCADA is SCADA/HMI software for industrial automation. KingSCADA is found in the transportation, aerospace, electric power, oil and gas, petrochemical, and other industries. KingSCADA Clients use a proprietary communications protocol to access real-time data from KingSCADA Servers. A KingSCADA Client using this proprietary communications protocol has been detected. | INFO | 7118 |
| 79 | WellinTech KingSCADA Server Detection via TCP | WellinTech KingSCADA is SCADA/HMI software for industrial automation. KingSCADA is found in several industries, including transportation, aerospace, electric power, oil and gas, and petrochemical. KingSCADA Clients use a proprietary communications protocol to access real-time data from KingSCADA Servers. A KingSCADA Server using this proprietary communications protocol has been detected. | INFO | 7130 |
| 80 | DNP3/TCP Outstation Detection | A DNP3/TCP outstation has been detected. DNP3 is a communications protocol used in SCADA systems, primarily in the electric utility industry. | INFO | 7090 |
| 81 | BACnet/IP Protocol Detection | BACnet is a communications protocol for building automation and control. BACnet applications include heating, ventilating, and air-conditioning control, lighting control, access control, and fire detection systems. There are several options for BACnet data link and physical layers. BACnet/IP (the protocol detected here) uses IP and UDP as a virtual data link layer. | INFO | 7110 |
| 82 | BACnet Device Object Detection | Each BACnet device has an associated Device object. Device objects contain properties that represent the physical and functional properties of a device. Device object properties include application software version, firmware version, model name, object identifier, object name, vendor name, and vendor identifier. | INFO | 7165 |
| 83 | WellinTech KingView Client Detection | WellinTech KingView is SCADA/HMI software for industrial automation. KingView is found in the transportation, aerospace, electric power, oil and gas, petrochemical, and other industries. KingView Clients use a proprietary communications protocol to access real-time data from KingView Servers. A KingView Client using this proprietary communications protocol has been detected. | INFO | 7131 |
| 84 | WellinTech KingView Server Detection | WellinTech KingView is SCADA/HMI software for industrial automation. KingView is found in several industries, including transportation, aerospace, electric power, oil and gas, and petrochemical. KingView Clients use a proprietary communications protocol to access real-time data from KingView Servers. A KingView Server using this proprietary communications protocol has been detected. | INFO | 7132 |
| 85 | Synchrophasor (IEEE C37.118) Client Detection via TCP | The remote client is using the Synchrophasor Protocol (IEEE C37.118) over TCP. The Synchrophasor Protocol is used by supervisory clients to remotely configure, monitor, and receive data from synchrophasor devices. A synchrophasor device is used to monitor, measure, and analyze electrical flows at key intersections of the bulk electric grid (such as substations). | INFO | 7216 |
| 86 | Synchrophasor (IEEE C37.118) Server Detection via TCP | The remote server is using the Synchrophasor Protocol (IEEE C37.118) over TCP. The Synchrophasor Protocol is used by synchrophasor devices to report data and receive remote configuration commands from management clients. A synchrophasor device is used to monitor, measure, and analyze electrical flows at key intersections of the bulk electric grid (such as substations). | INFO | 7217 |
| 87 | Synchrophasor (IEEE C37.118) Client Detection via UDP | The remote client is using the Synchrophasor Protocol (IEEE C37.118) over UDP. The Synchrophasor Protocol is used by supervisory clients to remotely configure, monitor, and receive data from synchrophasor devices. A synchrophasor device is used to monitor, measure, and analyze electrical flows at key intersections of the bulk electric grid (such as substations). | INFO | 7218 |
| 88 | Synchrophasor (IEEE C37.118) Server Detection via UDP | The remote server is using the Synchrophasor Protocol (IEEE C37.118) over UDP. The Synchrophasor Protocol is used by synchrophasor devices to report data and receive remote configuration commands from management clients. A synchrophasor device is used to monitor, measure, and analyze electrical flows at key intersections of the bulk electric grid (such as substations). | INFO | 7237 |
| 89 | DNP3/TCP Protocol Detection | Distributed Network Protocol over TCP (DNP3/TCP) has been detected. DNP3 is a communications protocol used in SCADA systems, primarily in the electric utility industry. The detected variant of DNP3, or DNP3/TCP, is encapsulated within TCP for delivery over IP networks. | INFO | 7226 |
| 90 | MODBUS/TCP Protocol Detection | The Modbus/TCP protocol has been detected. Modbus is a SCADA protocol used in industrial manufacturing and other industries. The detected variant of Modbus, or Modbus/TCP, is encapsulated within TCP for delivery over IP networks. | INFO | 7227 |
| 91 | Ethernet/IP Protocol Detection | The Ethernet Industrial Protocol (EtherNet/IP) has been detected. EtherNet/IP is a communications protocol used in industrial automation applications. EtherNet/IP implements the Common Industrial Protocol (CIP) at the session and application layers and uses TCP as a transport protocol for CIP explicit messages and UDP as a transport protocol for CIP implicit messages. CIP explicit messages are typically used to transmit configuration, diagnostic, and event data. CIP implicit messages are used for real-time I/O data transfer. | INFO | 7228 |
| 92 | IEC 60870-5-104 Protocol Detection | The IEC 60870-5-104 protocol has been detected. IEC 60870-5-104 is a Supervisory Control and Data Acquisition (SCADA) protocol used in the power, petrochemical, water treatment, and oil and gas production industries. IEC 60870-5-104 is often used in power systems as a SCADA protocol between control stations and substations. IEC 60870-5-104 is based on IEC 60870-5-101 but uses TCP/IP instead of serial communications. | INFO | 7229 |
| 93 | Siemens S7 Protocol Detection | The Siemens S7 protocol has been detected. S7 is a proprietary communications protocol developed by Siemens that runs between programmable logic controllers (PLCs) of the Siemens S7 family. It is used for PLC programming, exchanging data between PLCs, accessing PLC data from SCADA (supervisory control and data acquisition) systems, and for diagnostic purposes. | INFO | 7230 |
| 94 | IEC 60870-5-104 Server Detection | IEC 60870-5-104 is a Supervisory Control and Data Acquisition (SCADA) protocol used in the power, petrochemical, water treatment, and oil and gas production industries. IEC 60870-5-104 is often used in power systems as a SCADA protocol between control stations and substations. IEC 60870-5-104 is based on IEC 60870-5-101 but uses TCP/IP instead of serial communications. | INFO | 7139 |
| 95 | IEC 60870-5-104 Client Detection | IEC 60870-5-104 is a Supervisory Control and Data Acquisition (SCADA) protocol used in the power, petrochemical, water treatment, and oil and gas production industries. IEC 60870-5-104 is often used in power systems as a SCADA protocol between control stations and substations. IEC 60870-5-104 is based on IEC 60870-5-101 but uses TCP/IP instead of serial communications. | INFO | 7133 |
| 96 | Saia Burgess Controls PCD Controllers Hard-Coded FTP Credentials Vulnerability | One or more of the following SBC controllers was detected to be running a firmware version earlier than 1.24.50: PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxxx0, PCD7.D4xxxT5F, PCD7.D4xxxWTPF, PCD7.D4xxxV, PCD7.D4xxxD. Firmware versions prior to 1.24.50 are implemented with hard-coded FTP credentials. An attacker who exploits this vulnerability would have administrative access to the target device and resources. | HIGH | 7183 |
| 114 | MODBUS/TCP 'Illegal Function Code' Exception Code Detection (SCADA) | The MODBUS/TCP server has sent a MODBUS client a response with an Illegal Function Code exception. This means that the function code of the query from the client is not an allowable action for the server. | INFO | N/A |
| 115 | MODBUS/TCP 'Illegal Data Address' Exception Code Detection (SCADA) | The MODBUS/TCP server has sent a MODBUS client a response with an Illegal Data Address exception. The data address received in the query is not an allowable address for the server. | INFO | N/A |
| 116 | MODBUS/TCP 'Illegal Data Value' Exception Code Detection (SCADA) | The MODBUS/TCP server has sent a MODBUS client a response with an Illegal Data Value exception. A value contained in the query data field is not an allowable value for the server. | INFO | N/A |
| 117 | MODBUS/TCP 'Server Device Failure' Exception Code Detection (SCADA) | The MODBUS/TCP server has sent a MODBUS client a response with a Server Device Failure exception. An unrecoverable error occurred while the server was attempting to perform the requested action. | INFO | N/A |
| 118 | MODBUS/TCP 'Server Device Busy' Exception Code Detection (SCADA) | The MODBUS/TCP server has sent a MODBUS client a response with a Server Device Busy exception. This exception is for specialized use in conjunction with programming commands: the server is engaged in processing a long-duration program command, and the client should retransmit the message later when the server is free. | INFO | N/A |
| 119 | MODBUS/TCP 'Memory Parity Error' Exception Code Detection (SCADA) | The MODBUS/TCP server has sent a MODBUS client a response with a Memory Parity Error exception. This exception is for specialized use in conjunction with function codes 20 and 21 and reference type 6, to indicate that the extended file area failed to pass a consistency check. | INFO | N/A |
| 120 | MODBUS/TCP 'Gateway Path Unavailable' Exception Code Detection (SCADA) | The MODBUS/TCP server has sent a MODBUS client a response with a Gateway Path Unavailable exception. This exception is for specialized use in conjunction with gateways and indicates that the gateway was unable to allocate an internal communication path from the input port to the output port for processing the request. It usually means that the gateway is misconfigured or overloaded. | INFO | N/A |
| 121 | MODBUS/TCP 'Gateway Target Device Failed to Respond' Exception Code Detection (SCADA) | The MODBUS/TCP server has sent a MODBUS client a response with a Gateway Target Device Failed to Respond exception. This exception is for specialized use in conjunction with gateways and indicates that no response was obtained from the target device. It usually means that the device is not present on the network. | INFO | N/A |
| 122 | Ethernet/IP CIP List Identity Device Detection Response | The Ethernet/IP CIP (Common Industrial Protocol) List Identity command provides identification of and general information about an Ethernet/IP-enabled device. | INFO | N/A |
| 123 | Ethernet/IP CIP SendRRData Get Attribute All Device Identity Response | The Ethernet/IP CIP (Common Industrial Protocol) SendRRData command Get Attribute All Device Identity response provides identification of and general information about an Ethernet/IP-enabled device. | INFO | N/A |
| 124 | DNP3/TCP 'Write' Function Code Detection (SCADA) | The DNP3/TCP master has sent an outstation the Write command. The Write command, function code 2 (0x02), is a transfer control function used to store control information at the outstation. | INFO | N/A |
| 125 | DNP3/TCP 'Select' Function Code Detection (SCADA) | The DNP3/TCP master has sent an outstation the Select command. The Select command, function code 3 (0x03), is used to select, or arm, points to be operated on. | INFO | N/A |
| 126 | DNP3/TCP 'Operate' Function Code Detection (SCADA) | The DNP3/TCP master has sent an outstation the Operate command. The Operate command, function code 4 (0x04), is used to set or produce the output actions on the points previously selected. | INFO | N/A |
| 127 | DNP3/TCP 'Direct Operate' Function Code Detection (SCADA) | The DNP3/TCP master has sent an outstation the Direct Operate command. The Direct Operate command, function code 5 (0x05), lacks the security feature of select-before-operate (SBO). Direct Operate forces selected points to execute the specified action without a verification check of the selected outstations. | INFO | N/A |
| 128 | DNP3/TCP 'Direct Operate/No Response' Function Code Detection (SCADA) | The DNP3/TCP master has sent an outstation the Direct Operate/No Response command. The Direct Operate/No Response command, function code 6 (0x06), lacks the security feature of select-before-operate (SBO). Direct Operate forces selected points to execute the specified action without a verification check of the selected outstations. | INFO | N/A |
| 129 | DNP3/TCP 'Enable Unsolicited Messages' Function Code Detection (SCADA) | The DNP3/TCP master has sent an outstation the Enable Unsolicited Messages command. The Enable Unsolicited Messages command, function code 20 (0x14), enables spontaneous reporting of the specified objects. | INFO | N/A |
| 130 | Rockwell Automation/Allen-Bradley 1756 ControlLogix Controller Detection | A Rockwell Automation/Allen-Bradley 1756 ControlLogix Controller PLC has been detected. The 1756 ControlLogix Controller is a scalable controller solution that is capable of addressing many I/O points. | INFO | N/A |
| 131 | Rockwell Automation/Allen-Bradley 1756 ControlLogix Communication Module Detection | A Rockwell Automation/Allen-Bradley 1756 ControlLogix Communication Module communication adapter has been detected. This 1756 ControlLogix Communication Module is used to add Ethernet/IP communication capabilities to a PLC. | INFO | N/A |
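The Modbus/TCP detections in the table above (the diagnostic sub-functions of function code 8, Report Server ID, the function code 43 MEI types, and the server-side exception codes) can all be recognized by decoding the MBAP header and the first bytes of the PDU. The following Python is an added example written for this page, not Tenable's or the module's own detection logic: it parses a Modbus/TCP frame, validates the MBAP length field against the bytes actually present, and maps request and exception-response frames to the detection names used in the table. The detection names, the direction flag and the sample frames are assumptions constructed for the example; the function, sub-function, MEI and exception code values are the ones the table lists.

```python
import struct

# Diagnostics (function code 8) sub-functions listed in the table above.
DIAG_SUBFUNCTIONS = {
    0x00: "Return Query Data",
    0x01: "Restart Communications",
    0x04: "Force Listen Mode",
    0x0A: "Clear Counters and Diagnostic Register",
}
# Encapsulated Interface Transport (function code 43) MEI types from the table.
MEI_TYPES = {0x0D: "CANopen", 0x0E: "Device Identification"}
# Exception codes carried in a response whose function code has bit 0x80 set.
EXCEPTION_CODES = {
    0x01: "Illegal Function Code",
    0x02: "Illegal Data Address",
    0x03: "Illegal Data Value",
    0x04: "Server Device Failure",
    0x06: "Server Device Busy",
    0x08: "Memory Parity Error",
    0x0A: "Gateway Path Unavailable",
    0x0B: "Gateway Target Device Failed to Respond",
}


def parse_mbap(frame: bytes):
    """Split a Modbus/TCP frame into MBAP fields and the PDU.

    MBAP is: transaction id (2), protocol id (2, always 0), length (2,
    counts unit id + PDU), unit id (1). Returns None when the frame is too
    short, is not protocol 0, or its length field disagrees with the bytes
    actually present, so a passive detector never reads past the buffer.
    """
    if len(frame) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length < 2 or len(frame) != 6 + length:
        return None
    return {"tid": tid, "unit": unit, "pdu": frame[7:]}


def classify(frame: bytes, from_server: bool):
    """Return the detection name for one frame, or None if nothing matches.

    from_server=True means the frame travelled server -> client, so only the
    exception-code detections apply; otherwise the request detections apply.
    """
    parsed = parse_mbap(frame)
    if parsed is None:
        return "Malformed Modbus/TCP frame"
    pdu = parsed["pdu"]
    fc = pdu[0]
    if from_server:
        if fc & 0x80:  # exception response: request FC with the high bit set
            if len(pdu) < 2:
                return "Malformed exception response"
            name = EXCEPTION_CODES.get(pdu[1])
            return f"'{name}' Exception Code" if name else f"Unknown exception code {pdu[1]:#04x}"
        return None
    if fc == 0x08 and len(pdu) >= 3:
        sub = struct.unpack(">H", pdu[1:3])[0]
        name = DIAG_SUBFUNCTIONS.get(sub)
        return f"'{name}' Function Code" if name else None
    if fc == 0x11:
        return "'Report Server ID' Function Code"
    if fc == 0x2B and len(pdu) >= 2:
        name = MEI_TYPES.get(pdu[1])
        return f"'{name}' Function Code" if name else None
    return None


def mbap(pdu: bytes, tid: int = 1, unit: int = 1) -> bytes:
    """Wrap a PDU in an MBAP header (used only to build the sample frames)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic for the example; not captured from any real device.
SAMPLES = [
    (mbap(b"\x08\x00\x00\xAB\xCD"), False),      # FC 8 / sub 0: Return Query Data
    (mbap(b"\x08\x00\x04\x00\x00"), False),      # FC 8 / sub 4: Force Listen Mode
    (mbap(b"\x11"), False),                      # FC 17: Report Server ID
    (mbap(b"\x2B\x0E\x01\x00"), False),          # FC 43 / MEI 14: Device Identification
    (mbap(b"\x03\x00\x00\x00\x01"), False),      # ordinary Read Holding Registers request
    (mbap(b"\x83\x02"), True),                   # exception 0x02 on FC 3
    (mbap(b"\x03\x02\x00\x0A"), True),           # ordinary Read Holding Registers response
    (b"\x00\x01\x00\x00\x00\x06\x01", False),    # MBAP claims 6 bytes but PDU is missing
]


def scan(samples=SAMPLES):
    """Classify every sample frame; returns the list of detection names (None for no match)."""
    return [classify(frame, from_server) for frame, from_server in samples]


if __name__ == "__main__":
    for (frame, from_server), name in zip(SAMPLES, scan()):
        print(f"{'S->C' if from_server else 'C->S'} {frame.hex():<24} {name}")
```

Direction matters here: the same function code byte means a request on the client-to-server leg and a (possibly exception) response on the return leg, so a detector that ignores direction will mislabel ordinary responses. The length check in `parse_mbap` is the part worth keeping in any real implementation, since Modbus/TCP frames are often fragmented or coalesced across TCP segments.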

Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.