DNP3 Link Layer Brute Force Addressing Disclosure

This script is Copyright (C) 2006-2011 Tenable Network Security, Inc.


Synopsis :

It is possible to determine the link layer address of a DNP3 station
by iterating through likely values.

Description :

The DNP3 protocol is a multi-layer protocol that begins with a link
layer connection. The DNP3 link layer address is required to
establish a link layer connection. The DNP3 link layer address for
the host was easily guessed, and a valid DNP3 link layer connection
was established.

If a link layer connection is successful, additional Read/Write
operations to compromise the integrity process control data may be
possible.

Solution :

Select more complex link layer addresses or filter access to TCP port
20000.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: SCADA

Nessus Plugin ID: 23808 ()

Bugtraq ID:

CVE ID: