工业控制SCADA(Supervisory Control And Data Acquisition,数据采集与监控)系统对工业生产过程进行数据采集、监测和控制,保证工业生产过程的正常运转,它是电力、石油、冶金、天然气、铁路、供水、化工等关系国家命脉的基础产业的神经中枢。
随着计算机技术和网络通信技术应用于工业控制系统,带来了工业控制网络的诸多安全问题,如病毒、信息泄漏和篡改、系统不能使用等。由于SCADA系统安全关乎国民经济和社会生活,有关方面并不愿意披露安全事件,因此现实发生的事件要远远大于已经报道的,业界估计每年未见报道的攻击事件在100至500例之间。近年来,对工业控制系统的攻击呈快速增长趋势,据国外安全专家的报告,2000年以来对工业控制系统的成功攻击数量增长了近10倍,2002年上半年就有70%的能源与电力公司至少经历了一次网络攻击。美国国土安全部2004年发现了1700个SCADA设施存有外部可以攻击的漏洞,这些设施包括化工厂、购物中心、水坝和桥梁等。
从当前网络黑客所掌握的攻击技术来看,存有个人恶意企图的攻击者可能会利用一些大型SCADA系统的安全漏洞获取诸如电力、石油、天然气管道以及其他大型设备的控制权,一旦这些控制权被黑客所掌握,进行致瘫攻击,将使这些国家基础行业的生产蒙受重大损失。
而黑客攻击SCADA系统之前,必先知道其目标设备的类型,所以如下表所示为工业控制系统中常见的Dork:
| Product | Vendor | Type | Dorks |
|---|---|---|---|
| General | ABB | Multiple Devices | ABB Webmodule |
| AC 800M | ABB | Controller | ABB AC 800M |
| SREA-01 | ABB | Ethernet Adapter Module | ABB SREA-01 |
| RTU500 | ABB | Ethernet Adapter Module | ABB RTU560 |
| General | ACKP | Multiple Devices | AKCP Embedded Web Server |
| A850 Telemetry Gateway | Adcon Telemetry | Base Station | A850 Telemetry Gateway |
| A850 Telemetry Gateway (ver2) | Adcon Telemetry | Base Station | title:adcon |
| A440 Wireless Modem | Adcon Telemetry | Base Station | A440 Wireless Modem |
| addVANTAGE Pro 6.1, 6.5 | Adcon Telemetry | HMI | addVANTAGE |
| addUPI-OPC Server | Adcon Telemetry | OPC Software | addUPI Server |
| Modicon | BACnet | Multiple Devices | Quantum BACnet |
| IPC@CHIP | Beck IPC | PLC | IPC@CHIP |
| General | BroadWeb | Multiple Devices | BroadWeb |
| Eplus - B/IP to B/WS Gateway Firewall | Cimetrics | Firewall Gateway | Cimetrics Eplus Web Server |
| ISC SCADA | Clorius Controls A/S | SCADA Software | ISC SCADA Service HTTPserv:00001 |
| WebVisu | Codesys | Building Automation Software | Webvisu |
| enteliTOUCH | Delta Controls | HMI | DELTA enteliTOUCH |
| i.LON SmartServer | Echelon | Programmable Modules | i.LON |
| i.LON SmartServer | Echelon | Building Energy Management Solution, LonWorks/IP Server, Internet Server | i.LON |
| i.LON SmartServer 2.0 | Echelon | Building Energy Management Solution, LonWorks/IP Server, Internet Server | i.LON |
| i.LON 600 | Echelon | Building Energy Management Solution, LonWorks/IP Server, Internet Server | i.LON |
| i.LON 100e4 | Echelon | Building Energy Management Solution, LonWorks/IP Server, Internet Server | i.LON |
| Nexus 1500 | Electro Industries/GaugeTech | Power Quality Meter | EIG Embedded Web Server |
| Nexus 1500+ | Electro Industries/GaugeTech | Power Quality Meter | EIG Embedded Web Server |
| Communicator EXT 3.0 | Electro Industries/GaugeTech | Power Monitoring Software | EIG Embedded Web Server |
| Enacto | Elster EnergyICT | Energy Management Software | EnergyICT |
| RTU | Elster EnergyICT | Remote Data Concentrator | EnergyICT RTU |
| eiPortal | Elster EnergyICT | Energy Monitoring Software | eiPortal |
| ServerView | Fujitsu | Management Software | serverview |
| Cimplicity | General Electric | Video Streaming Recorder | CIMPLICITY-HttpSvr |
| CIMPLICITY WebView | General Electric | Video Streaming Recorder | CIMPLICITY WebView |
| Proficy | General Electric | Proccess Automation System | ProficyPortal |
| EtherNet/IP | HMS | Industrial Network Interface | HMS AnyBus-S WebServer |
| Modbus-TCP Interface | HMS | Modbus TCP Interface | HMS AnyBus-S WebServer |
| AirWorks AWK-3131-RCC | Moxa | Industrial 802.11n wireless AP/bridge/client | MoxaHttp |
| Railway Remote I/O (ioLogik E12xx) | Moxa | Remote Ethernet I/O | MoxaHttp |
| Railway Remote I/O (ioLogik E15xx) | Moxa | Remote Ethernet I/O | MoxaHttp |
| Cellular Micro RTU Controller (ioLogik W53xx, ioLogik) | Moxa | micro RTU controller | MoxaHttp |
| VPort 461 Industrial Video Encoder | Moxa | Industrial Video Encoder | MoxaHttp |
| IA240 Embedded computer | Moxa | Embedded computers are designed for industrial, automation applications | MoxaHttp |
| IA241 Embedded computer | Moxa | Embedded computers are designed for industrial, automation applications | MoxaHttp |
| OnCell Central Manager | Moxa | Software | MoxaHttp |
| EDS-505A Series | Moxa | Switch | MoxaHttp |
| EDS-508A Series | Moxa | Switch | MoxaHttp |
| OnCell G3100 Series | Moxa | Cellular IP Gateways | MoxaHttp |
| ioLogik Web Server | Moxa | SCADA Software | ioLogik Web Server |
| General | Novatech | Multiple Devices | NovaTech HTTPD |
| WindCube | NRG Systems | Wind Speed Meter | WindWeb |
| AUTOPLATE | PIPS Technology | license plate recognition system | html:'PIPS Technology ALPR Processors' |
| General | Rabbit | Multiple Devices | Z-World Rabbit |
| Z-World Rabbit | Rabbit | Multiple Devices | title:phasefale Z-World Rabbit |
| Reliance 4 SCADA/HMI system | Reliance | SCADA Software | Reliance 4 Control Server |
| 1756-EN2TSC | Rockwell Automation / Allen-Bradley | EtherNet/IP communication module | Rockwell Automation |
| 1734-AENT | Rockwell Automation / Allen-Bradley | I/O Adapter | Rockwell Automation |
| 1756-EWEB | Rockwell Automation / Allen-Bradley | Web Server Module | Allen-Bradley |
| 1768-EWEB | Rockwell Automation / Allen-Bradley | Web Server Module | Allen-Bradley |
| 9300-RADES | Rockwell Automation / Allen-Bradley | Industrial Modem | Series C Revision |
| 9300-8EDM | Rockwell Automation / Allen-Bradley | Industrial Switch | Series C Revision |
| MicroLogix 1100 Embedded Web Server | Rockwell Automation / Allen-Bradley | Web Server | Micrologix |
| MicroLogix 1400 Embedded Web Server | Rockwell Automation / Allen-Bradley | Web Server | Micrologix |
| PanelView Plus 6 Graphic Terminals, Firmware 6.10 or later/, PVPlus 6 | Rockwell Automation / Allen-Bradley | SCADA | Rockwell Automation |
| General | RTS Services | SCADA Software | RTS SCADA Server |
| NetWeaver Application Server | SAP | Application Server | SAP NetWeaver Application Server |
| SPbus gateway | Schleifenbauer | Network Gateway | Schleifenbauer SPbus gateway |
| General | Schneider Electric | Multiple Devices | Schneider-WEB |
| Modicon PLC | Schneider Electric | PLC | TELEMECANIQUE BMX |
| PowerLogic Series 800 Power Meter (PM800) | Schneider Electric | Power Monitoring Module | PowerLogic PM800 |
| PowerLogic Series 800 Power Meter (PM820SD) | Schneider Electric | Power Monitoring Module | Schneider Electric PM820SD |
| PowerLogic Series 800 Power Meter (PM870SD) | Schneider Electric | Power Monitoring Module | Schneider Electric PM870SD |
| PowerLogic Power Meter | Schneider Electric | Power Monitoring Module | title:PowerLogic |
| PowerLogic ION7550 Energy and power meter | Schneider Electric | Energy and power meter | Power Measurement Ltd |
| PowerLogic ION7650 Energy and power meter | Schneider Electric | Energy and power meter | port:23 'Meter ION' |
| PowerLogic ION8650 Energy and power meter | Schneider Electric | Energy and power meter | Power Measurement Ltd ION8650 |
| PowerLogic Ethernet Gateway EGX100 | Schneider Electric | Integrated gateway-server | XP277 |
| PowerLogic Ethernet Gateway EGX300 | Schneider Electric | Integrated gateway-server | title:PowerLogic |
| PowerLogic EGX200 (with firmware version 5.5 or higher) | Schneider Electric | gateway-server | title:PowerLogic |
| PowerLogic EGX400 (with firmware version 5.5 or higher) | Schneider Electric | gateway-server | title:PowerLogic |
| PowerLogic ECC | Schneider Electric | Ethernet Communication Card | Schneider Electric ECC21 |
| PowerLogic EGX | Schneider Electric | Ethernet Gatway | Schneider Electric EGX100MG |
| Modicon M340 | Schneider Electric | PLC | Modicon M340 |
| Modicon M340 for Ethernet | Schneider Electric | PLC | Modicon M340 CPU |
| PowerLogic PM8000 Power Meter | Schneider Electric | PLC | title:PowerLogic |
| PowerLogic PM8240 Power Meter | Schneider Electric | PLC | title:PowerLogic |
| PowerLogic PM8243 Power Meter | Schneider Electric | PLC | Power Measurement Ltd |
| PowerLogic PM8244 Power Meter | Schneider Electric | PLC | Power Measurement Ltd |
| M258 | Schneider Electric | PLC | Schneider Electric |
| CitectSCADA | Schneider Electric | Ethernet Modules | CitectSCADA |
| Tac XENTA 913 | Schneider Electric | Industrial Network Gateway | TAC/Xenta |
| Simatic S7-300 (pre-2009 versions) | Siemens | PLC | Portal0000.htm |
| Simatic S7-1200 | Siemens | PLC | Portal0000 |
| Simatic S7-1500 | Siemens | PLC | Simatic S7 |
| Simatic HMI | Siemens | SCADA Software | SIMATIC HMI |
| Simatic HMI | Siemens | SCADA Software | Simatic |
| Simatic HMI | Siemens | SCADA Software | Simatic -S7 HMI |
| Simatic HMI | Siemens | SCADA Software | Welcome to the Windows CE Telnet Service on HMI_Panel |
| Simatic NET | Siemens | OPC Software | Simatic NET |
| Scalance X-200 | Siemens | Industrial Ethernet Switches | Scalance X |
| Scalance S | Siemens | Industrial Secure Communication Module | Scalance S |
| Scalance W | Siemens | Industrial Wireless LAN Module | Scalance W |
| General | Somfy | Smart Home Devices | title:Somfy |
| General | SpiderControl | General | SpiderControl |
| Stulz WIB 8000 | Stulz GmbH | PLC | Stulz GmbH Klimatechnik |
| TAC Xenta 500/700/911 | TAC AB | PLC | TAC/Xenta |
| TAC Xenta 913 | TAC AB | PLC | Tac XENTA 913 |
| General | THUS | PLC | THUS plc FTP server |
| IQ3xcite | Trend | Controller | server: iq3 |
| NiagaraAX (ver 1) | Tridium | Software for JACE-2, JACE-403 or JACE-545 | Niagara Web Server |
| NiagaraAX (ver 2) | Tridium | Software for JACE-2, JACE-403 or JACE-545 | niagara_audit |
| NiagaraAX (ver 3) | Tridium | Software for JACE-2, JACE-403 or JACE-545 | niagara_audit -login |
| WAGO-I/O-SYSTEM??750 | Wago | Controller | WAGO |
| WAGO-I/O-IPC 758-870/000-xxx | Wago | Compact Industrial PC? | WAGO |
| Modular I/O-System Linux Fieldbus Coupler 750-860 | Wago | PLC | WAGO |
| VxWorks | Wind River | SCADA Software | VxWorks |
| General | Wind River | SCADA Software | WindRiver-WebServer |
| 442SR | Xzeres | small wind turbine | title:'xzeres wind' |
注:上述图表整理自http://www.critifence.com/scada-dorks-database/。
ZoomEye也推出了工控中的Dork,详细可阅读https://www.zoomeye.org/topic?id=ics_project。
原文来源:湘雪尘奕
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论