Find Vulnerable SCADA Systems with Shodan
Here are some useful queries:
- http://www.shodanhq.com/?q=port:161+country:US+simatic
- http://www.shodanhq.com/?q=PLC
- http://www.shodanhq.com/?q=allen+bradley
- http://www.shodanhq.com/?q=fanuc
- http://www.shodanhq.com/?q=Rockwell
- http://www.shodanhq.com/?q=Cimplicity
- http://www.shodanhq.com/?q=Omron
- http://www.shodanhq.com/?q=Novatech
- http://www.shodanhq.com/?q=Citect
- http://www.shodanhq.com/?q=RTU
- http://www.shodanhq.com/?q=Modbus+Bridge
- http://www.shodanhq.com/?q=modicon
- http://www.shodanhq.com/?q=bacnet
- http://www.shodanhq.com/?q=telemetry+gateway
- http://www.shodanhq.com/?q=SIMATIC
- http://www.shodanhq.com/?q=hmi
- http://www.shodanhq.com/?q=siemens+-…er+-Subscriber
- http://www.shodanhq.com/?q=scada+RTS
- http://www.shodanhq.com/?q=SCHNEIDER
- http://www.shodanhq.com/?q=port%3A161+simatic
- http://www.shodanhq.com/?q=%22cisco-ios%22%20%22last-modified%22
Erk.. How to exploit?
- Default password (uhukk uhukk WinCC)
- http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1
- http://www.elladodelmal.com/2010/05/shodan-y-sistemas-scada.html
- [..]
What else to exploit?
Comments
I am currently researching SCADA systems, and from what I have got, most SCADA systems are either obscured from the net (WELL) or they are just vulnerable with a weak password. It does matter if someone has access to these systems; one can spread havoc in the city/town based on those systems.