Modicon Quantum TFTP Arbitrary File Upload
High Nessus Plugin ID 57600
SynopsisThe remote Modicon Quantum controller allows uploading arbitrary files over TFTP.
DescriptionThe remote device is a Modicon Quantum Controller that allows arbitrary file uploads. This can facilitate other attacks since an arbitrary amount of code can be stored on the device and run at a later time.
Additionally, a denial of service vulnerability exists where an attacker can fill the ramdisk and cause the system to crash.
SolutionBlock access to the TFTP port.