Rockwell-Allen-Bradley PLC Detect
Detects Exposed Rockwell Automation/ Allen Bradley PLCs running on port 44818
id: rockwell-automation-plc-detection
info:
name: Rockwell Automation/Allen-Bradley PlC Detection with Version Matching
author: Redflare Cyber
severity: low
description: |
This template detects Rockwell Automation/Allen-Bradley devices by checking for specific strings in the response on TCP port 44818, including Vendor ID, Product Name, Device Type, Serial Number, and known version identifiers.
metadata:
max-request: 1
shodan-query: 'port:44818 product:"Rockwell Automation/Allen-Bradley"'
tags: rockwell-allen-bradley,scada,IIoT,network,tcp
tcp:
- inputs:
- data: "63000000000000000000000000000000c1debed100000000"
type: hex
host:
- "{{Hostname}}"
port: 44818
read-size: 1024
matchers:
- type: word
words:
- "Vendor ID: Rockwell Automation/Allen-Bradley"
- "Product name:"
- "Device type:"
- "Serial number:"
part: body
condition: and
- type: regex
regex:
- "1769-L19ER-BB1B/A LOGIX5319ER"
- "1766-L32BXBA C/21.02"
- "2080-LC20-20QWB"
- "1769-L33ER/A LOGIX5333ER"
- "1766-L32AWA C/21.02"
- "1769-L24ER-QBFC1B/A LOGIX5324ER"
- "1769-L32E Ethernet Port"
- "1766-L32BWA C/21.02"
- "1756-L61/B LOGIX5561"
- "1766-L32BXB C/21.02"
- "1766-L32BXBA C/21.07"
- "1766-L32AWA C/21.07"
- "1769-L18ER/B LOGIX5318ER"
- "2080-LC50-24QWB"
- "1769-L30ER/A LOGIX5330ER"
- "1756-ENBT/A"
- "1766-L32AWAA C/21.02"
- "1769-L16ER/B LOGIX5316ER"
- "1769-L24ER-QB1B/A LOGIX5324ER"
- "1766-L32BWAA C/21.02"
- "1766-L32BXBA B/15.00"
- "1763-L16DWD B/16.00"
- "1766-L32AWA C/21.06"
- "1769-L27ERM-QxC1B/A LOGIX5327ERM"
- "1756-EN2T/D"
- "1769-L35E Ethernet Port"
- "1766-L32BXB B/15.00"
- "1766-L32AWA B/15.00"
- "1763-L16DWD B/14.00"
- "1766-L32BXB B/13.00"
- "2080-LC50-24QBB"
- "1766-L32BWA B/15.00"
- "1766-L32BWAA C/21.07"
- "1763-L16BWA B/14.00"
- "1763-L16BWA B/16.00"
- "1763-L16BWA B/9.00"
- "1766-L32AWAA C/21.07"
- "1766-L32BWAA B/15.00"
- "1763-L16AWA B/16.00"
- "1763-L16BBB B/14.00"
- "1763-L16BBB B/16.00"
- "1766-L32BXBA C/21.06"
- "2080-LC50-48QWB"
- "1766-L32BXBA B/14.00"
- "1766-L32AWAA B/15.00"
- "1766-L32BWAA B/15.04"
- "1766-L32AWA B/16.00"
- "1769-L19ER-BB1B/C LOGIX5319ER"
- "1763-L16BWA B/11.00"
- "1766-L32BWAA B/16.00"
- "5069-L306ER/A"
- "1766-L32BWA B/16.00"
- "1763-L16AWA B/14.00"
- "1766-L32BWAA B/14.00"
- "1766-L32BXBA B/16.00"
- "1763-L16BBB B/11.00"
- "1766-L32BXB B/10.00"
- "1769-L18ER/A LOGIX5318ER"
- "1769-L36ERM/A LOGIX5336ERM"
- "2080-LC20-20AWB"
- "1766-L32BXB B/11.00"
- "1766-L32BXBA B/11.00"
- "1766-L32BWAA C/21.06"
- "1763-L16BWA B/12.00"
- "1766-L32AWAA C/21.06"
- "1766-L32BWAA B/13.00"
- "2080-LC20-20QBB"
- "1763-L16AWA B/12.00"
- "1766-L32BXB A/5.00"
- "1766-L32BXB C/21.07"
- "1766-L32BXBA B/13.00"
- "1761-NET-ENI/D"
- "1763-L16AWA B/9.00"
- "2080-LC50-24AWB"
- "1766-L32BWA C/21.07"
- "5069-L320ER/A"
- "1766-L32AWA B/11.00"
- "1769-L33ERM/A LOGIX5333ERM"
- "1763-L16DWD B/12.00"
- "1766-L32AWAA B/11.00"
- "1766-L32BXB B/14.00"
- "1756-EN2T/C"
- "1763-L16AWA A/3.00"
- "1763-L16BBB B/12.00"
- "1766-L32AWAA B/14.00"
- "1766-L32BWA B/10.00"
- "1766-L32BWA B/11.00"
- "1766-L32BWA C/21.06"
- "1766-L32BXBA B/10.00"
- "1769-L30ERMS/A LOGIX5370SAFETY"
- "2080-LC50-48AWB"
- "1747-L551/C C/11 - DC 3.46"
- "1756-EN2TR/C 217021900"
- "1763-L16BBB B/9.00"
- "1763-L16DWD B/9.00"
- "1766-L32BWA B/14.00"
- "1768-ENBT/A"
- "2080-LC70-24QWB"
- "1747-L553 C/6 - DC 2.50"
- "1756-EWEB/A"
- "1763-L16BWA B/15.02"
- "1766-L32AWAA B/13.00"
- "1766-L32BXB B/16.00"
- "1766-L32BXBA A/5.00"
- "1766-L32BXBA B/21.07"
- "1769-L16ER/A LOGIX5316ER"
- "1769-L24ER-QB1B/B LOGIX5324ER"
- "2080-L50E-24QBB"
- "2080-LC50-48QBB"
- "1747-L551/C C/10 - DC 3.46"
- "1747-L552/C C/11 - DC 3.46"
- "1763-L16AWA B/11.00"
- "1747-L551/C C/13 - DC 3.54"
- "1756-L81E/B"
- "1766-L32AWA B/10.00"
- "1766-L32AWAA B/16.00"
- "1766-L32BWA B/13.00"
- "1766-L32BWAA B/10.00"
- "1769-L36ERMS/A LOGIX5370SAFETY"
- "2080-L50E-24QWB"
- "1747-L553/C C/11 - DC 3.46"
- "1766-L32AWA B/14.00"
- "1766-L32AWAA A/5.00"
- "1766-L32BWAA B/11.00"
- "1766-L32BWAA B/21.03"
- "1769-L30ERMS/B LOGIX5370SAFETY"
- "5069-L310ER/A"
- "5069-L330ER/A"
- "PanelView Plus_6 1000"
- "1408-EM3A-ENT, Series B"
- "1747-L552/C C/13 - DC 3.54"
- "1756-EN3TR/B"
- "1766-L32AWA B/13.00"
- "1766-L32BWA A/5.00"
- "1766-L32BXB C/21.06"
- "1769-L16ER-BB1B/C LOGIX5316ER"
- "1769-L24ER-QBFC1B/B LOGIX5324ER"
- "1769-L27ERM-QxC1B/B LOGIX5327ERM"
- "1769-L37ERM/A LOGIX5337ERM"
- "1747-L552/C C/10 - DC 3.46"
- "1763-L16BWA A/3.00"
- "1766-L32AWA A/4.00"
- "1766-L32AWA A/5.00"
- "1766-L32AWA B/21.06"
- "1766-L32AWA B/21.07"
- "1766-L32AWAA B/21.03"
- "1766-L32BWA A/7.00"
- "1766-L32BXBA B/21.02"
- "1769-L18ERM/B LOGIX5318ERM"
- "1769-L23E-QBFC1 Ethernet Port"
- "2080-L50E-48QWB"
- "2711R-T10T/A"
- "2711R-T4T/B"
- "5069-L306ERM/A"
- "5069-L310ERMS2/B"
- "5069-L330ERMS3/A"
- "BGT Cellular Module"
- "EIP Adapter1"
- "Emulate 5380 Controller"
- "Emulate 5580 Controller"
- "EtherNetIP Master Stack Library"
- "PanelView Plus 7 Perf 1000"
- "PanelView Plus_7 Standard 1000"
- "1734-AENT/B Ethernet Adapter"
- "1747-L551 C/6 - DC 2.50"
- "1747-L552 C/8 - DC 2.59"
- "1747-L553/C C/13 - DC 3.54"
- "1756-EN2TR/C"
- "1763-L16AWA B/00.00"
- "1763-L16DWD B/11.00"
- "1763-L16DWD B/15.02"
- "1766-L32AWA A/3.00"
- "1766-L32AWA B/21.05"
- "1766-L32AWA C/21.05"
- "1766-L32AWAA B/10.00"
- "1766-L32AWAA C/21.03"
- "1766-L32BWA A/3.00"
- "1766-L32BWA A/4.00"
- "1766-L32BWAA A/3.00"
- "1766-L32BWAA B/21.07"
- "1766-L32BWAA C/21.04"
- "1766-L32BXB A/7.00"
- "1766-L32BXBA B/15.05"
- "1766-L32BXBA B/21.00"
- "1766-L32BXBA B/21.04"
- "1769-L23E-QB1 Ethernet Port"
- "1769-L36ERMS/B LOGIX5370SAFETY"
- "2080-L50E-24AWB"
- "2080-LC50-24QVB"
- "2080-LC70-24QBB"
- "5069-L306ERS2/B"
- "5069-L320ERM/A"
- "5069-L320ERMS2/B"
- "PLC-5/40E E/H - DC 2.53"
- "PLC-5/40E E/K - DC 2.64"
- "PanelView Plus 7 Perf 700"
- "PanelView Plus_7 Standard 1200W"
- "PanelView Plus_7 Standard 600"
- "PowerMonitor 5000"
part: body
Last updated