Modicon PLC CPU Type SNMP Request Model Type Remote Disclosure

medium Nessus Plugin ID 23823

Language:

Synopsis

It is possible to obtain the model information of a Modicon PLC using an SNMP Get Request.

Description

The Modicon Quantum, Premium, and Momentum brands of PLC's have a private SNMP MIB that is available on the Internet. The type of Modicon PLC has been obtained via an SNMP Get Request. The response will be the model type such as 'Quantum'.

An attacker may use this information to profile the SCADA system and investigate known vulnerabilities of the PLC.

Solution

Change default community strings to a value not easily guessed and filter access to the SNMP port.

Plugin Details

Severity: Medium

ID: 23823

File Name: scada_modicon_snmp_cputype.nbin

Version: 1.131

Type: remote

Family: SCADA

Published: 12/11/2006

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: SNMP/community

Detections

Analytics