CVE-2020-7233

KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOORNAME variable in the BCLogon.swf file...

CVE-2025-40556

A vulnerability has been identified in BACnet ATEC 550-440 All versions, BACnet ATEC 550-441 All versions, BACnet ATEC 550-445 All versions, BACnet ATEC 550-446 All versions. Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the sa...

EUVD-2020-28361

Malware in sbrugna...

Siemens APOGEE PXC and TALON TC Series

SUMMARY APOGEE PXC and TALON TC Series BACnet Devices devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially crafted message that results in a...

BACnet Scanner

Discover BACnet devices by broadcasting Who-is message, then poll discovered devices for properties including model name, software version, firmware revision and description. Module Options msf use auxiliary/scanner/scada/bacnetl3 msf auxiliarybacnetl3 show actions ...actions... msf...

ICS-security

This repository is an offensive tool for ICS Industrial Control Systems security research. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is organized into several categories, including a directory of...

bacnet-info NSE Script

Discovers and enumerates BACNet Devices collects device information based off standard requests. In some cases, devices may not strictly follow the specifications, or may comply with older versions of the specifications, and will result in a BACNET error response. Presence of this error positivel...