Plugins: SCADA

Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities

CODESYS WAGO WebVisu Password Information Disclosure Vulnerability

CODESYS WAGO WebVisu Detection

Honeywell FALCON XLWeb Controller Multiple Vulnerabilities

Honeywell FALCON XLWeb Controller Detection

Triangle MicroWorks SCADA Data Gateway < 3.3.729 Heartbeat Information Disclosure (Heartbleed)

Triangle MicroWorks SCADA Data Gateway < 3.0.635 Multiple DoS Vulnerabilities

Triangle MicroWorks SCADA Data Gateway Detection (credentialed check)

Cogent DataHub < 7.3.5 Multiple Vulnerabilities

Advantech WebAccess webvact ActiveX Multiple Buffer Overflow Vulnerabilities

Advantech WebAccess Web Administration Interface Detection

Advantech WebAccess Default Credential Check

Advantech WebAccess Multiple Vulnerabilities

Advantech WebAccess Stored Cross-Site Scripting

Advantech WebAccess Multiple BWOCXRUN.OCX ActiveX Vulnerabilities

BACnet Protocol Detection

RuggedCom RuggedOS HTTP Traffic Handling Remote DoS

RuggedCom RuggedOS SNMP Protocol Unspecified DoS

Ecava IntegraXor < 4.1.4410 Information Disclosure

Mitsubishi Electric Automation MC-WorX 8.x ActiveX Control Remote Code Execution

Mitsubishi Electric Automation MC-WorX Suite Detection

StruxureWare SCADA Expert ClearSCADA Unspecified Vulnerability

StruxureWare SCADA Expert ClearSCADA Detection

TURCK BL20/BL67 Hardcoded Admin Account

3S CoDeSys Runtime Toolkit NULL Pointer Dereference (uncredentialed check)

3S CoDeSys Runtime Toolkit NULL Pointer Dereference (credentialed check)

CoDeSys 2.x Development System Detection (credentialed check)

Cogent DataHub < 7.3.4 Malformed POST Request Buffer Overflow

StruxureWare SCADA Expert ClearSCADA < 2013 R2 Remote DoS

Ecava IntegraXor < 4.1.4390 Buffer Overflow

Ecava IntegraXor < 4.1.4369 Project Directory Information Disclosure

Schneider Electric Accutech Manager 'RFManagerService' SQL Injection

InduSoft Web Studio Arbitrary Script Execution

KEPServerEX < 5.12.140.0 Denial of Service

KEPServerEX Detection

ClearSCADA Web Server Remote Denial of Service

ClearSCADA Web Server Detection

Cogent DataHub < 7.3.0 Multiple Vulnerabilities

Cogent DataHub Tunnel/Mirror Service Detection

Siemens SCALANCE X-200 Web Session Hijacking

Siemens SCALANCE X-200 Authentication Bypass

ProSoft RadioLinx ControlScape PRNG Weakness

ProSoft RadioLinx ControlScape Install Detection

RuggedCom RuggedOS < 3.12.2 Multiple Vulnerabilities

WellinTech KingView ActiveX Multiple Arbitrary File Overwrite Vulnerabilities

Tridium Niagara AX Web Server Multiple Vulnerabilities

Tridium Niagara AX Web Server Directory Traversal 'config.bog' Disclosure Remote Compromise

Tridium Niagara AX Web Server Detection

CoDeSys Gateway Service < 2.3.9.28 Use-After-Free

Mitsubishi MX Component ActiveX Remote Code Execution

Clorius Controls ISC SCADA Information Disclosure

Clorius Controls ISC SCADA Detection

Honeywell Multiple Products HscRemoteDepoy.dll ActiveX Control Arbitrary Code Execution

Schneider Electric Accutech Manager RFManagerService Heap Overflow

Schneider Electric Accutech Manager Detection

CoDeSys Gateway Service < 2.3.9.27 Multiple Vulnerabilities

CoDeSys Unprotected Gateway Service

CoDeSys Gateway Service Detection

Siemens SIMATIC RF-MANAGER KeyHelp.ocx Buffer Overflow

Siemens SIMATIC RF-MANAGER Detection

Ecava IntegraXor < 4.00.4283 ActiveX Remote Buffer Overflow

RuggedCom RuggedOS < 3.12.1 Web UI Multiple Security Vulnerabilities

Schneider Electric Interactive Graphical SCADA System (IGSS) Unsupported Version

Schneider Electric Interactive Graphical SCADA System dc.exe Unspecified Buffer Overflow

Siemens Automation License Manager CVE-2012-4691 Denial of Service

Siemens Automation License Manager 'almaxcx.dll' ActiveX Arbitrary File Overwrite Vulnerability

Siemens Automation License Manager Multiple Vulnerabilities

Siemens Automation License Manager Detection

IOServer XML Server URI Directory Traversal Arbitrary File Access

IOServer Detection

CoDeSys Unauthenticated Command-line Access

CoDeSys Authentication Bypass Directory Traversal

CoDeSys PLC Runtime Service Detection

Magnum MNS-6K Hardcoded Admin Account

Sielco Sistemi Winlog < 2.07.17 Multiple Vulnerabilities

Sielco Sistemi Winlog < 2.07.18 Multiple Vulnerabilities

Sielco Sistemi Winlog Arbitrary File Disclosure

Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities

Advantech Studio Detection

WellinTech KingHistorian Detection

Measuresoft ScadaPro Path Subversion Arbitrary DLL Injection Code Execution

Measuresoft ScadaPro < 4.0.1.0 service.exe Multiple Vulnerabilities (credentialed check)

Measuresoft ScadaPro < 4.0.1.0 service.exe RF Command Arbitrary File Disclosure

Measuresoft ScadaPro Detection

RuggedCom RuggedOS Web-Based Admin Interface Default Credentials

RuggedCom RuggedOS (ROS) Web-Based Admin Interface Detection

WellinTech KingSCADA 3.1 < 2012-04-16 user.db Base-64 Encoding Local Credentials Disclosure

WellinTech KingSCADA Detection

WellinTech KingOPCServer Detection

WellinTech KingView 6.53 < 2012-03-22 Multiple Vulnerabilities

WellinTech KingView 6.53 < 2011-11-20 HistoryServer.exe nettransdll.dll Module Op-code 3 Packet Parsing Remote Overflow

WellinTech KingView 6.53 < 2010-12-15 HistorySvr.exe TCP Request Remote Overflow

WellinTech KingView Detection

WellinTech KingView History Server Detection

Ecava IntegraXor igcom.dll Traversal Arbitrary File Overwrite

7-Technologies IGSS < 9.0.0.11291 DLL Loading Arbitrary Code Execution

RuggedCom RuggedOS Default 'factory' Account Backdoor

Microsys PROMOTIC < 8.1.5 Multiple Vulnerabilities

Microsys PROMOTIC Project File Handling Use-after-free Remote Code Execution

Microsys PROMOTIC Detection

7-Technologies TERMIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution

7-Technologies TERMIS Detection

7-Technologies AQUIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution

7-Technologies AQUIS Detection

Sensitive information can be obtained from the GE D20 Remote Terminal Unit via TFTP

SEL Controller Default Credentials

Modicon Quantum TFTP Arbitrary File Upload

MicroLogix 1100 PLC Default Credentials

GE D20 Default Credentials

Advantech / BroadWin WebAccess webvrpcs.exe Service Remote Code Execution (uncredentialed check)

Advantech / BroadWin WebAccess webvrpcs.exe Service Remote Code Execution (credentialed check)

Advantech / BroadWin WebAccess Client 'bwocxrun.ocx ' Multiple Remote Vulnerabilities

Sielco Sistemi Winlog Pro < 2.07.01 TCP/IP Server Runtime.exe Packet Handling Remote Overflow

Sielco Sistemi Winlog Detection

Ecava IntegraXor Path Subversion Arbitrary DLL Injection Code Execution

Ecava IntegraXor < 3.60.4080 XSS

7-Technologies IGSS < 9.0.0.11143 ODBC Remote Memory Corruption

7-Technologies IGSS < 9.0.0.11129 Multiple DoS Vulnerabilities

Samsung Data Management Server Default Password (rkwjsdusrnth) for 'root' Account

Samsung Data Management Server < 1.4.3 verifyUser Method SQL Injection

Modbus/TCP Master OPC Server MODBUS Protocol Response Packet Remote Overflow

Automated Solutions Modbus/TCP OPC Server Detection

Ecava IntegraXor < 3.60.4050 Unspecified SQL Injection

Ecava IntegraXor Detection

RealWin < 2.1.12 Multiple Buffer Overflows

RealFlex Technologies RealWin Detection

Movicon TcpUploadServer Data Leakage (remote check)

Movicon TcpUploadServer Detection

Movicon < 11.2 Build 1084 Multiple Vulnerabilities

Movicon SCADA/HMI Software Detection

IGSS Data Server Directory Traversal Arbitrary File Access

7-Technologies / Schneider-Electric IGSS Detection

Moxa Device Manager Tool MDM2_Gateway Response Remote Overflow

Ecava IntegraXor ActiveX save Method Buffer Overflow

RealWin < 2.1.10 Multiple Packet Type Processing Overflows

Moxa Device Manager Gateway Detection

BACnet OPC Client < 1.0.25 Buffer Overflow

Siemens SIMATIC WinCC Default Password Authentication Bypass

Netbiter Config NetbiterConfig.exe Device Hostname Remote Overflow

CitectSCADA ODBC Server Remote Buffer Overflow

CitectSCADA Detection

Automated Solutions Modbus Slave MiniHMI.exe ActiveX Modbus/TCP Diagnostic Function Arbitrary Code Execution

LiveData Server Multiple Remote Vulnerabilities

Takebishi Electric DeviceXPlorer OPC Server Multiple Vulnerabilities

SISCO OSI Stack Malformed Packet Remote DoS

ICONICS Dialog Wrapper Module ActiveX (DlgWrapper.dll) DoModal Function Overflow

OPC Historical Data Access (HDA) Server Detection

OPC Data Access (DA) Server Detection

OPC Application Components Detection

Modicon Quantum Telnet Server Default Credentials

Modicon PLC Web Password Status Disclosure SNMP Request Password Status Remote Disclosure

Modicon PLC Modbus Slave Mode SNMP Request Modbus Mode Remote Disclosure

Modicon PLC IO Scan Status SNMP Request Scan Status Remote Disclosure

Modicon PLC CPU Type SNMP Request Model Type Remote Disclosure

Modicon Quantum HTTP Server Default Credentials

Modicon Quantum FTP Server Default Credentials

Modicon PLC Embedded HTTP Server Detection

Modicon Modbus/TCP Programming Function Code Access

Modbus/TCP Discrete Input Access

Modbus/TCP Coil Access

Tamarack IEC 61850 Server Detection

SISCO OSI/ICCP Stack Detection

SISCO OSI Stack Vulnerability Scan Remote DoS

LiveData ICCP Server Detection

ICCP/COTP TSAP Addressing Weakness

ICCP/COTP (ISO 8073) Protocol Detection

DNP3 Outstation Unsolicited Messaging Support

DNP3 Binary Inputs Access Remote Information Disclosure

DNP3 Link Layer Brute Force Addressing Disclosure

Siemens-Telegyr ICCP Gateway Detection

Telvent OASyS System Detection

Siemens S7-SCL Development Tools Detection

Siemens SIMATIC PDM Detection

National Instruments Lookout Detection

Matrikon OPC Server for ControlLogix Detection

Matrikon OPC Explorer Detection

Matrikon OPC Server for Modbus Detection

Areva/Alstom Energy Management System Detection