Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Indegy Sensor Setup - Installer

By kannthu

High
Vidoc logoVidoc Module
#misconfig#indegy#sensor#installer
Description

What is the "Indegy Sensor Setup - Installer?"

The "Indegy Sensor Setup - Installer" module is designed to detect misconfigurations in the Indegy Sensor software. Indegy Sensor is a security solution that provides real-time visibility and control over industrial control systems (ICS) and operational technology (OT) networks. This module focuses on the installation process of the sensor and aims to identify any vulnerabilities or misconfigurations that may exist.

This module has a severity level of high, indicating that the detected issues can potentially have a significant impact on the security of the Indegy Sensor installation.

This module was authored by ritikchaddha.

Impact

If vulnerabilities or misconfigurations are found during the Indegy Sensor setup, it could lead to unauthorized access, data breaches, or disruption of critical industrial processes. Attackers may exploit these weaknesses to gain control over the ICS and OT networks, potentially causing operational disruptions, safety risks, and financial losses.

How does the module work?

The "Indegy Sensor Setup - Installer" module works by sending HTTP requests to the target system and analyzing the responses. It checks for specific conditions to determine if the installation process is vulnerable or misconfigured.

One example of an HTTP request sent by this module is a GET request to the "/settings" path. It expects the response to contain the HTML title tag "<title>Setup Wizard</title>". Additionally, it verifies that the response status code is 200 (OK).

The module uses these matching conditions to identify if the installation process is following the expected behavior. If any of the conditions are not met, it will report a vulnerability or misconfiguration.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/settings
Matching conditions
word: <title>Setup Wizard</title>and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability