CONPOT

简介

CONPOT是Glastopf下一个开源的ICS/SCADA蜜罐系统,工具可以实现ModBus SNMP等PLC的外部子站服务的模拟仿真。

About

Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI’s or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants.

官方链接

Conpot
Conpot Github

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

最新工业控制系统漏洞

ICS-CERT Advisory Feed
Advantech WebAccess

This advisory includes mitigations for stack-based buffer overflow, external control of file name or path, improper privilege management, and path tra. . . read more Tue, 23 Oct 2018 10:10:09 EDT

GAIN Electronic Co. Ltd SAGA1-L Series

This advisory includes mitigations for authentication bypass by capture-relay, improper access control, and improper authentication vulnerabilities in. . . read more Tue, 23 Oct 2018 10:05:48 EDT

Telecrane F25 Series

This advisory includes mitigations for an authentication bypass by capture-replay vulnerability in the Telecrane F25 Series software.. . . read more Tue, 23 Oct 2018 10:00:54 EDT

Omron CX-Supervisor

This advisory includes mitigations for improper restriction of operations within the bounds of a memory buffer, out-of-bounds read, use-after-free, an. . . read more Wed, 17 Oct 2018 08:55:45 EDT

LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA

This advisory includes mitigations for untrusted pointer dereference, out-of-bounds read, integer overflow to buffer overflow, path traversal, out-of-. . . read more Tue, 16 Oct 2018 14:44:39 EDT

NUUO NVRmini2 and NVRsolo

This advisory includes mitigations for stack-based buffer overflow and leftover debug code vulnerabilities in NUUO's NVRmini2 and NVRsolo network. . . read more Thu, 11 Oct 2018 10:10:11 EDT

NUUO CMS

This advisory includes mitigations for use of insufficiently random values, use of obsolete function, incorrect permission assignment for critical res. . . read more Thu, 11 Oct 2018 10:05:11 EDT

Delta Industrial Automation TPEditor

This advisory includes mitigations for out-of-bounds write and stack-based buffer overflow vulnerabilities in the Delta Industrial Automation TPEditor. . . read more Thu, 11 Oct 2018 10:00:20 EDT

GE iFix

This advisory includes mitigations for an unsafe ActiveX control marked safe for scripting vulnerability in a Gigasoft component affecting GE’s iFix. . . read more Tue, 09 Oct 2018 10:30:34 EDT

Siemens SCALANCE W1750D

This advisory includes mitigations for a cryptographic issues vulnerability in Siemens' SCALANCE W1750D direct access point hardware.. . . read more Tue, 09 Oct 2018 10:25:37 EDT

Siemens ROX II

This advisory includes mitigations for improper privilege management vulnerabilities in the Siemens ROX II products.. . . read more Tue, 09 Oct 2018 10:20:19 EDT

Siemens SIMATIC S7-1200 CPU Family Version 4

This advisory includes mitigations for a cross-site request forgery vulnerability in the Siemens SIMATIC S7-1200 CPU products.. . . read more Tue, 09 Oct 2018 10:15:18 EDT

Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller

This advisory includes mitigations for a denial of service from improper input validation vulnerability in the Siemens SIMATIC S7-1500, SIMATIC S7-150. . . read more Tue, 09 Oct 2018 10:10:22 EDT

Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server

This advisory includes information on the predictable from observable state, hidden functionality, and missing encryption of sensitive data vulnerabil. . . read more Tue, 09 Oct 2018 10:05:48 EDT

Fuji Electric Energy Savings Estimator

This advisory includes mitigations for an uncontrolled search path element (DLL Hijacking) vulnerability in the Fuji Electric Energy Savings Estimator. . . read more Tue, 09 Oct 2018 10:00:12 EDT

Carestream Vue RIS

This advisory includes mitigations for an information exposure through an error message vulnerability in the Carestream Vue RIS, a web-based radiology. . . read more Thu, 04 Oct 2018 10:10:11 EDT

Change Healthcare PeerVue Web Server

This advisory includes mitigations for an information exposure through an error message vulnerability in the Change Healthcare PeerVue Web Server.. . . read more Thu, 04 Oct 2018 10:05:49 EDT

WECON PI Studio

This advisory includes information on stack-based buffer overflow, out-of-bounds write, and out-of-bounds read vulnerabilities in WECON’s PI Studio. . . read more Thu, 04 Oct 2018 10:00:35 EDT

Delta Electronics ISPSoft

This advisory includes mitigations for a stack-based buffer overflow vulnerability in the Delta Electronics ISPSoft software.. . . read more Tue, 02 Oct 2018 10:10:16 EDT

GE Communicator

This advisory includes mitigations for a heap-based buffer overflow vulnerability in GE's Communicator, an application for programming and monito. . . read more Tue, 02 Oct 2018 10:05:06 EDT