Rockwell Automation TCP/IP Configuration Information - Detect

What is the "Rockwell Automation TCP/IP Configuration Information - Detect" module?

The "Rockwell Automation TCP/IP Configuration Information - Detect" module is designed to detect misconfigurations related to TCP/IP configuration information in Rockwell Automation software. It targets the Rockwell Automation software and scans for vulnerabilities or misconfigurations that could potentially impact the security and functionality of the TCP/IP configuration.

This module has a severity level of medium, indicating that the detected misconfigurations or vulnerabilities could have a moderate impact on the system's security and performance.

Impact

If misconfigurations or vulnerabilities are detected by this module, it could potentially lead to unauthorized access, data breaches, or disruption of the TCP/IP communication within the Rockwell Automation software. It is important to address and fix any identified issues to ensure the security and stability of the system.

How the module works?

The "Rockwell Automation TCP/IP Configuration Information - Detect" module works by sending an HTTP GET request to the "/tcpconfig.html" path of the target system. It then applies matching conditions to determine if the TCP/IP configuration information is present and if the response status is 200 (OK).

The matching conditions used in this module are:

- Word Matcher: It checks if the response contains the phrase "TCP/IP Configuration". - Status Matcher: It verifies if the response status is 200 (OK).

If both matching conditions are met, the module reports a potential misconfiguration or vulnerability related to the TCP/IP configuration information in the Rockwell Automation software.