工具分享 工控安全

分享一个施耐德以太网模块的老版本固件

获取方式

Unity OS Loader于NOE 771 01模块远程上传(V3.60版本固件FTP使用默认口令认证,OS Loader远程上传时不需要口令及设备MAC地址确认)

用途思考

1、静态部分可以用作防站(蜜罐)
image001_1
2、熟悉PLC内部文件架构
3、固件二进制分析

文件列表

commandList.lst
FLASH0
FLASH0/bin
FLASH0/ftp
FLASH0/fw
FLASH0/gdt
FLASH0/rdt
FLASH0/webloader.ini
FLASH0/wwwroot
FLASH0/bin/$TMP_EMPTY_DIR
FLASH0/ftp/$TMP_EMPTY_DIR
FLASH0/fw/crashlog.txt
FLASH0/fw/fw.ini //固件版本
FLASH0/fw/hw.ini
FLASH0/gdt/$TMP_EMPTY_DIR
FLASH0/rdt/password.rde //调用密码
FLASH0/wwwroot/cgi-bin
FLASH0/wwwroot/classes
FLASH0/wwwroot/conf
FLASH0/wwwroot/html
FLASH0/wwwroot/images
FLASH0/wwwroot/index.htm //web首页文件
FLASH0/wwwroot/lib
FLASH0/wwwroot/SchneiderTFE.zip //施耐德MIB文件
FLASH0/wwwroot/secure
FLASH0/wwwroot/unsecure
FLASH0/wwwroot/cgi-bin/$TMP_EMPTY_DIR
FLASH0/wwwroot/classes/jvmver.jar //JAVA APP
FLASH0/wwwroot/classes/RDE.jar //JAVA APP
FLASH0/wwwroot/classes/SAComm.jar //JAVA APP
FLASH0/wwwroot/classes/SysDiag.jar //JAVA APP
FLASH0/wwwroot/classes/webcfg.jar //JAVA APP
FLASH0/wwwroot/classes/webdiag.jar //JAVA APP
FLASH0/wwwroot/classes/XMLParser.jar//JAVA APP
FLASH0/wwwroot/classes/xmlrpc-1.1.jar //JAVA APP
FLASH0/wwwroot/conf/bootp
FLASH0/wwwroot/conf/dhcp
FLASH0/wwwroot/conf/diag
FLASH0/wwwroot/conf/exec
FLASH0/wwwroot/conf/fw
FLASH0/wwwroot/conf/Gcnftcop.sys
FLASH0/wwwroot/conf/glbdata
FLASH0/wwwroot/conf/ioscanner
FLASH0/wwwroot/conf/snmp
FLASH0/wwwroot/conf/bootp/$TMP_EMPTY_DIR
FLASH0/wwwroot/conf/dhcp/$TMP_EMPTY_DIR
FLASH0/wwwroot/conf/diag/$TMP_EMPTY_DIR
FLASH0/wwwroot/conf/exec/kerVer
FLASH0/wwwroot/conf/exec/NOE77101.bin //Quantum Ethernet Executive firmware Ver. 3.60
FLASH0/wwwroot/conf/fw/fw.ini
FLASH0/wwwroot/conf/glbdata/glbdata.ini
FLASH0/wwwroot/conf/ioscanner/$TMP_EMPTY_DIR
FLASH0/wwwroot/conf/snmp/snmp.ini
FLASH0/wwwroot/html/config.js //定义了WEB界面title可做通用设备识别
FLASH0/wwwroot/html/english
FLASH0/wwwroot/html/images
FLASH0/wwwroot/html/lib
FLASH0/wwwroot/html/english/control
FLASH0/wwwroot/html/english/diagnostic
FLASH0/wwwroot/html/english/documentation
FLASH0/wwwroot/html/english/header.htm
FLASH0/wwwroot/html/english/home
FLASH0/wwwroot/html/english/index.htm
FLASH0/wwwroot/html/english/maintenance
FLASH0/wwwroot/html/english/monitoring
FLASH0/wwwroot/html/english/setup
FLASH0/wwwroot/html/english/control/index.htm
FLASH0/wwwroot/html/english/control/menu.htm
FLASH0/wwwroot/html/english/diagnostic/index.htm
FLASH0/wwwroot/html/english/diagnostic/menu.htm
FLASH0/wwwroot/html/english/documentation/index.htm
FLASH0/wwwroot/html/english/documentation/menu.htm
FLASH0/wwwroot/html/english/home/home.htm
FLASH0/wwwroot/html/english/home/index.htm
FLASH0/wwwroot/html/english/home/menu.htm
FLASH0/wwwroot/html/english/maintenance/index.htm
FLASH0/wwwroot/html/english/maintenance/menu.htm
FLASH0/wwwroot/html/english/monitoring/index.htm
FLASH0/wwwroot/html/english/monitoring/menu.htm
FLASH0/wwwroot/html/english/setup/index.htm
FLASH0/wwwroot/html/english/setup/menu.htm
FLASH0/wwwroot/html/images/noe77101.jpg //产品型号图片
FLASH0/wwwroot/html/images/Telemecanique.gif
FLASH0/wwwroot/html/images/TelemecaniquePocketPC.gif
FLASH0/wwwroot/html/lib/css
FLASH0/wwwroot/html/lib/images
FLASH0/wwwroot/html/lib/js
FLASH0/wwwroot/html/lib/css/header.css
FLASH0/wwwroot/html/lib/css/main.css
FLASH0/wwwroot/html/lib/css/menu.css
FLASH0/wwwroot/html/lib/images/left.gif
FLASH0/wwwroot/html/lib/images/moins.gif
FLASH0/wwwroot/html/lib/images/plus.gif
FLASH0/wwwroot/html/lib/images/right.gif
FLASH0/wwwroot/html/lib/js/header.js
FLASH0/wwwroot/html/lib/js/home.js
FLASH0/wwwroot/html/lib/js/index.js
FLASH0/wwwroot/html/lib/js/menu.js
FLASH0/wwwroot/html/lib/js/tools.js
FLASH0/wwwroot/images/eight_io.gif
FLASH0/wwwroot/images/empty.gif
FLASH0/wwwroot/images/hiendcpu.gif
FLASH0/wwwroot/images/logo.gif
FLASH0/wwwroot/images/miniplc.gif
FLASH0/wwwroot/images/module.gif
FLASH0/wwwroot/lib/home.js
FLASH0/wwwroot/lib/main.css
FLASH0/wwwroot/lib/main.js
FLASH0/wwwroot/secure/embedded
FLASH0/wwwroot/secure/system
FLASH0/wwwroot/secure/user
FLASH0/wwwroot/secure/embedded/bandwidth.htm
FLASH0/wwwroot/secure/embedded/chkdsk.htm
FLASH0/wwwroot/secure/embedded/classes
FLASH0/wwwroot/secure/embedded/dhcp_node_config.htm
FLASH0/wwwroot/secure/embedded/format_flash.htm
FLASH0/wwwroot/secure/embedded/french
FLASH0/wwwroot/secure/embedded/ftp_passwd_config.htm
FLASH0/wwwroot/secure/embedded/german
FLASH0/wwwroot/secure/embedded/globaldata.htm
FLASH0/wwwroot/secure/embedded/http_passwd_config.htm
FLASH0/wwwroot/secure/embedded/images
FLASH0/wwwroot/secure/embedded/ioscanning.htm
FLASH0/wwwroot/secure/embedded/messaging.htm
FLASH0/wwwroot/secure/embedded/reboot.htm
FLASH0/wwwroot/secure/embedded/set_readonly.htm
FLASH0/wwwroot/secure/embedded/smtpconf.htm
FLASH0/wwwroot/secure/embedded/smtpdiag.htm
FLASH0/wwwroot/secure/embedded/spanish
FLASH0/wwwroot/secure/embedded/support.htm
FLASH0/wwwroot/secure/embedded/web_page_Ver.ini
FLASH0/wwwroot/secure/embedded/classes/$TMP_EMPTY_DIR
FLASH0/wwwroot/secure/embedded/french/$TMP_EMPTY_DIR
FLASH0/wwwroot/secure/embedded/german/$TMP_EMPTY_DIR
FLASH0/wwwroot/secure/embedded/images/$TMP_EMPTY_DIR
FLASH0/wwwroot/secure/embedded/spanish/$TMP_EMPTY_DIR
FLASH0/wwwroot/secure/system/ctrlstat.htm
FLASH0/wwwroot/secure/system/ethernet.htm
FLASH0/wwwroot/secure/system/plccfg.htm
FLASH0/wwwroot/secure/system/rde.htm
FLASH0/wwwroot/secure/system/riostat.htm
FLASH0/wwwroot/secure/user/$TMP_EMPTY_DIR
FLASH0/wwwroot/unsecure/user
FLASH0/wwwroot/unsecure/user/$TMP_EMPTY_DIR

固件下载(noe77101_OS.bin)

About Z-0ne

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

最新工业控制系统漏洞

ICS-CERT Advisory Feed
Tec4Data SmartCooler

This advisory includes mitigations for a missing authentication for critical function vulnerability in Tec4Data's SmartCooler, a cooling applianc. . . read more Thu, 20 Sep 2018 12:00:41 EDT

Rockwell Automation RSLinx Classic

This advisory includes mitigations for stack-based buffer overflow, heap-based buffer overflow, and resource exhaustion vulnerabilities in Rockwell Au. . . read more Thu, 20 Sep 2018 11:55:00 EDT

WECON PLC Editor

This advisory includes mitigations for a stack-based buffer overflow vulnerability in WECON’s PLC Editor, a ladder logic software.. . . read more Tue, 18 Sep 2018 11:25:23 EDT

Honeywell Mobile Computers with Android Operating Systems

This advisory includes mitigations for an improper privilege management vulnerability in the Honeywell mobile computers running the Android Operating. . . read more Thu, 13 Sep 2018 11:34:56 EDT

Fuji Electric V-Server

This advisory includes mitigations for use-after free, untrusted pointer dereference, heap-based buffer overflow, out-of-bounds write, integer underfl. . . read more Tue, 11 Sep 2018 10:20:44 EDT

Fuji Electric V-Server Lite

This advisory includes mitigation recommendations for a classic buffer overflow vulnerability in Fuji Electric's V-Server Lite, a data collection. . . read more Tue, 11 Sep 2018 10:15:52 EDT

Siemens TD Keypad Designer

This advisory includes mitigation recommendations for an uncontrolled search path element vulnerability in Siemens' TD Keypad Designer.. . . read more Tue, 11 Sep 2018 10:10:18 EDT

Siemens SIMATIC WinCC OA

This advisory includes mitigation recommendations for an improper access control vulnerability in Siemens' SIMATIC WinCC OA.. . . read more Tue, 11 Sep 2018 10:05:12 EDT

Siemens SCALANCE X Switches

This advisory includes mitigation recommendations for an improper input validation vulnerability in Siemens' SCALANCE X switches used to connect. . . read more Tue, 11 Sep 2018 10:00:18 EDT

Ice Qube Thermal Management Center

This advisory includes mitigation recommendations for improper authentication and unprotected storage of credentials vulnerabilities in Ice Qube'. . . read more Thu, 06 Sep 2018 13:21:57 EDT

Opto22 PAC Control Basic and PAC Control Professional

This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in Opto22's PAC Control software.. . . read more Tue, 04 Sep 2018 10:30:01 EDT

Philips e-Alert Unit

This advisory includes mitigation recommendations for numerous vulnerabilities in Phillips' e-Alert Unit, a non-medical device.. . . read more Thu, 30 Aug 2018 11:22:01 EDT

Qualcomm Life Capsule

This advisory includes mitigations for a code weakness vulnerability in the Qualcomm Life Capsule Datacaptor Terminal Server software.. . . read more Tue, 28 Aug 2018 10:20:24 EDT

Schneider Electric Modicon M221

This advisory includes mitigation recommendations for information management errors, and permissions, privileges, and access controls vulnerabilities. . . read more Tue, 28 Aug 2018 10:15:25 EDT

Schneider Electric Modicon M221

This advisory includes mitigation recommendations for an improper check for unusual or exceptional conditions vulnerability in Schneider Electric’s. . . read more Tue, 28 Aug 2018 10:10:14 EDT

Schneider Electric PowerLogic PM5560

This advisory includes mitigation recommendations for a cross-site scripting vulnerability in Schneider Electric's PowerLogic PM5560 power manage. . . read more Tue, 28 Aug 2018 10:05:11 EDT

ABB eSOMS

This advisory includes mitigation recommendations for an improper authentication vulnerability in ABB’s eSOMS.. . . read more Tue, 28 Aug 2018 10:00:11 EDT

BD Alaris Plus

This medical device advisory includes mitigation recommendations for an improper authentication vulnerability in specific versions of BD’s Alaris Pl. . . read more Thu, 23 Aug 2018 10:00:26 EDT

Philips IntelliVue Information Center iX (Update A)

This updated medical device advisory is a follow-up to the original medical device advisory titled ICSMA-18-233-01 Philips IntilliVue Information Cent. . . read more Tue, 21 Aug 2018 10:05:29 EDT

Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows

This advisory includes mitigation recommendations for stack-based buffer overflow vulnerabilities in Yokogawa's iDefine, STARDOM, ASTPLANNER, and. . . read more Tue, 21 Aug 2018 10:00:11 EDT