|
|
|
 you are never an alumni of FIRST, you can always be there, mentoring, learning, creating.
- KelliV [more] |
 |
|
|||||||
|
||||||||
|
|
Thread Tools | Rate Thread | Display Modes |
|
|
|
| you are never an alumni of FIRST, you can always be there, mentoring, learning, creating.
- KelliV [more] |
|
|
|||||||
|
||||||||
|
|
Thread Tools | Rate Thread | Display Modes |
|
#1
|
|||
|
|||
cRio + Metasploit = :D
Today I was scanning our local network for *reasons* and I noticed that the cRIO had some open open ports. So then I decided to run a vulnerability scan with nessus and it turned out to have 2!!!! high priority security vulnerabilities. The first was a FTP vulnerability to allow for un-authorized read/write access to the cRIO and the second was a vxworks vulnerability allowing for remote reading and writing of any sector of data and also remote code execution. From this, as a proof of concept, I then used Metasploit which had a BUILT-IN exploit for rebooting a VXWorks machine by the IP address alone. Not sure what SHOULD be done about this issue, I just thought I would bring it to the public's attention that it exists.
 TL;DR version cRIO Vulnerabilities = Un-Authorized FTP + Remote Code Execution Tools = Metasploit + Nessus 5-Second Result = Reboot any robot without credentials |
| Thread Tools | |
| Display Modes | Rate This Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| cRio | tomy | Kit & Additional Hardware | 7 | 09-12-2009 06:56 |
| Reimaging the cRio Issues there are no cRio devices on the subnet | Stuart | FRC Control System | 2 | 25-02-2009 23:41 |
| crio | andturn | FRC Control System | 4 | 06-02-2009 11:18 |
| cRIO buzzing | furiousgeorge | FRC Control System | 10 | 30-01-2009 00:15 |
| cRIO feedback | Maxpower57 | C/C++ | 2 | 08-01-2009 19:06 |
Threaded Mode