Scada Exposure

Release 2016-08

Vendors
Countries
Vendor Product WORLD IT CH Total
ABB Generic 8 0 0 0
RTU500 7 0 0 0
ACKP Generic 267 22 5 27
Adcon Telemetry A850 Telemetry Gateway 25 0 0 0
Generic 105 0 0 0
addUPI-OPC Server 261 1 0 1
Allen-Bradley Generic 3665 74 15 89
Beck IPC IPC@CHIP 4172 520 120 640
BroadWeb Generic 10 0 0 0
Cimetrics Eplus - B/IP to B/WS Gateway Firewall 7 0 0 0
Clorius Controls Generic 1 0 0 0
Codesys WebVisu 30 0 2 2
Delta Controls enteliTOUCH 109 0 0 0
Echelon i.LON 600 2398 23 6 29
Electro Industries GaugeTech Generic 88 0 0 0
Elster EnergyICT Generic 462 0 0 0
RTU 462 0 0 0
eiPortal 38 0 0 0
Fujitsu ServerView 671 3 1 4
General Electric Cimplicity 31 1 2 3
Proficy 0 0 0 0
Generic Generic 5281 319 78 397
HMS EtherNet/IP / Modbus-TCP Interface 37 1 0 1
Moxa Generic 4021 242 61 303
ioLogik 143 18 0 18
NRG Systems WindCube 10895 86 6 92
Novatech Generic 0 0 0 0
RTS Services Generic 6 0 0 0
Rabbit Generic 1533 43 2 45
Reliance Reliance 4 SCADA/HMI system 7 0 0 0
Rockwell Automation Generic 3792 75 15 90
Micrologix 1 0 0 0
SAP NetWeaver Application Server 5161 120 82 202
Schleifenbauer SPbus gateway 1 0 0 0
Schneider Electric CitectSCADA 0 0 0 0
Generic 1047 15 1 16
Modicon 204 13 0 13
PowerLogic ECC 0 0 0 0
PowerLogic EGX 14 0 0 0
PowerLogic ION 33 0 0 0
PowerLogic PM 815 23 3 26
Tac XENTA 913 0 0 0 0
Siemens Generic 17196 369 293 662
Scalance S 0 0 0 0
Scalance W 1 0 0 0
Scalance X 1 0 0 0
Simatic HMI 1296 92 18 110
Simatic NET 192 20 26 46
Simatic S7 669 24 0 24
SoftPLC Generic 515 0 0 0
Somfy Generic 30 0 0 0
SpiderControl Generic 134 19 2 21
Stulz Generic 16 1 0 1
THUS Generic 0 0 0 0
Trend IQ3xcite 713 56 0 56
Tridium Generic 19530 235 32 267
Wago Generic 115 6 31 37
Wind River Generic 40317 875 66 941
126533 3296 867 4163

Here we are again with a new release of Scada Exposure research. First will be exposed the 2016-08 release summary and then there will be a comparison between this and the 2013-11 release.

Abstract

We found that 126'533 of ICS and SCADA devices are now exposed in public databases, at risk of attack. More than 4'000 are present in Switzerland and Italy alone. Switzerland is more exposed that Italy in proportion, with 867 exposed devices on a total of 2'864'000, compared to 3'296 of Italy on a total of 8'842'000.

All data gathered during our research is published for further study.

1 Introduction

Welcome to the second release of ScadaExposure, an observatory on international reachability of ICS and SCADA devices.

The 2016-08 release is focused on answering the following questions:

  • Are ICS and SCADA devices correctly deployed and disconnected from public networks?
  • How many devices are exposed in Switzerland?
  • How many devices are exposed in Italy?
  • How is the Switzerland compared to Italy and vice-versa?
  • How is the exposure at the moment compared with the one of 2013-11?
  • What companies in scada sector have gained market in three years? Which ones have missed it?
  • Compared with the global trend, Italy and Switzerland are aligned or not?
  • Which countries have more exposed enterprise-level ICS components?
  • What is the possible impact?

2 Research method

We used the same set of 2013 with 95 dorks (search queries) against generic search engines (like Google and Bing) and specialized ones (like Shodan, who focus on indexing machines connected to the Internet). This represents the largest collection of search queries specialized in finding SCADA devices up to date. We did not only collected them, we improved the queries to get more and more solid results. For example some dorks were focusing on authentication banners, but in this way one will always and only get authentication protected devices, ignoring unauthenticated ones.

For each dork we performed several interrogations, dividing the results in three sets: Worldwide, to get the global presence of a particular device; CH, to limit the results to Switzerland; IT to limit the results to Italy. Switzerland and Italy were chosen as they are two neighbor nations and thus perfect for a comparative analysis.

To perform those interrogation we developed a Shodan API written in PHP for a fastest way to get the results, also looking to the future for making new releases every year. You can find the API source code here on github: Shodan-PHP-REST-API.

Having distinct sets for different nations allows statistical and proportional comparison. We will add more countries in the future.

Dorks were then categorized in a taxonomy of Producers (we call them Vendors), Products and Versions. A dork can be linked to a Vendor, Product or Version or can be completely generic (like "PLC"). This allow us to obtain subtotals for every entity and know the actual usage and exposure rate.

3 Analysis

It's known that ICS and SCADA systems are a link between the digital and physical world so the consequences of malfunctioning can be definitely serious. It's also a fact that in complex systems even the failure of non-critical components can cause unplanned collateral damages.

The research is focused on demonstrating that such systems are not "air gapped" (deployed on a different, separated network) as many suggests, instead such devices are often exposed to random attackers from the Internet. This means that devices, thought to be completely isolated from external attackers, must be re-engineered with modern threat models.

Using our set of dorks we discovered a total of 126'533 SCADA devices, categorized in 29 Vendors and 62 Products. Switzerland accounted for 867 ICS devices on a total of 2'864'000 devices(dork country:"CH") connected to Internet and indexed by our data sources. Italy accounted for 3'296 ICS devices on a total of 8'842'000 devices(dork country:"IT").

While Switzerland has 3 times less devices than Italy, we came to the conclusion that Italy has more exposed ICS devices in proportion. This means that the usage of SCADA elements is more pervasive and/or that their security is worse than in Switzerland. Speaking of absolute proportions Italy has 3.8 times more ICS devices than Switzerland, a number that is higher than 3.

Analysis between ICS/SCADA systems (Summary):

  • 2.6% of world’s SCADA devices are in Italy;
  • 0.7% of world’s SCADA devices are in Switzerland;
  • Italian and Swiss SCADA devices represent the 3.3% of the global exposure.

Our data moreover allows a comparison of ICS devices in a country versus the global total.

Analysis between ICS/SCADA systems and non-SCADA systems (Summary):

  • 0,04% of Italian exposed devices are SCADA;
  • 0,03% of total Swiss exposed devices are SCADA;
  • Italy is proportionally more exposed (+26.30%);
  • In Italy every 2'680 devices scanned one is SCADA;
  • In Switzerland every 3'300 devices scanned one is SCADA;

This means that randomly scanning 10 IP per second statistically you can find one exposed SCADA system every 10 minutes.

4 Conclusion

Now is time for answering the previously raised questions:

  • Are ICS and SCADA devices correctly deployed and disconnected from public networks?

    They are in many occasions not.

  • How many devices are exposed in Switzerland?

    Switzerland has 867 ICS devices exposed.

  • How many devices are exposed in Italy?

    Italy has 3'296 ICS devices exposed.

  • How is the Switzerland compared to Italy and vice-versa?

    Italy has more exposion (+26.30%) compared to Switzerland, although Italy has many exposed devices.

  • How is the exposure at the moment compared with the one of 2013-11?

    Using the same set of dorks used in 2013 we found that those devices are less exposed now a days. We hope that the lesser exposure is real, but it could also mean that some old exposed devices were replaced by newer ICS not observed by our research. Then in the next releases we will add dorks for the newest ICS products avaiable and we will compare many different countries.

  • What companies in scada sector are the "Key Players" of the market?

    • ABB Ltd. (Switzerland)

    • Alstom (France)

    • Emerson Electric Co. (US)

    • General Electric Company (US)

    • Hitachi, Ltd. (Japan)

    • Honeywell International (US)

    • IBM Corporation (US)

    • ICONICS, Inc. (US)

    • Inductive Automation (US)

    • JFE Engineering Corporation (Japan)

    • Mitsubishi Electric Corporation (Japan)

    • Omron Corp. (Japan)

    • Rockwell Automation, Inc. (US)

    • PetroCloud (US)

    • Primex (US)

    • Scadata, Inc. (US)

    • Schneider Electric (France)

    • Siemens AG (Germany)

    • Tesco Controls Inc. (US)

    • Toshiba Corp. (Japan)

    • Xio, Inc. (US)

    • Yokogawa Electric Corporation (Japan)

  • Compared with the global trend, Italy and Switzerland are aligned or not?

    Our research has highlighted a drop of approximately 75% in global terms, while Italy followed the global trend with a drop of approximately 80%, Switzerland has obtained less decrease compared to Italy with a drop of approximately 60%.

  • Which countries have more exposed enterprise-level ICS components?

    • United States (268,784)

    • China (121,022)

    • Hong Kong (69,731)

    • Australia (58,433)

    • Japan (40,564)

    • France (29,738)

    • United Kingdom (27,998)

    • Dominican Republic (20,495)

    • Canada (19,913)

    • Republic of Korea (14,011)

  • What is the possible impact?

    In a perfect world none of the found systems should be accessible by untrusted networks. Yet, the security of ICS/SCADA is often not given the treatment it deserves. Small and medium businesses, as well as individuals, are completely reliant on vendors when it comes to the security of the Internet of Things, they don't even known how high is the risk to be attacked. Scada Exposure research reminds us that the “Security through Obscurity” principle cannot serve as a good basis to achieve effective protection from modern attacks.

5 Known limitations

We did not connect to the found devices, it was not within the scope of the research and we do not publish specific IP addresses of targets, attackers already actively exploit such information. Publishing it would not add value to our research.

There is no assertion that systems are still reachable from the public Internet or vulnerable at all. They were indexed at some point by our datasources, and thus already exposed to the Internet. This alone represent a violation of most common security best practices, especially when it comes to ICS devices. Only information that seemed accurate and truthful was included in our results.

Search queries used to identify devices are not perfect and may overlap, resulting in larger subtotals and totals than the unique IP count, this may change with future releases if more resources are found to implement the needed screening and filtering.

It's impossible to know what these systems are connected to, and thus it's impossible to know the actual Risk. That's why to effectively assess Risk, Penetration Tests are used. They are real "simulations" of attacks, in the sense that targets are actually attacked but the test is executed in order to avoid deliberate damage. Again, no attack was performed against these devices.

Used datasources do not spider every possible device, they should be used as a statistical indication only. It can be easily understood that devices that appear in such databases have an increased chance to be attacked.

There are actually much more publicly accessible devices than the ones indexed by out datasources. We think that this compensate know limitations. Again, we were only looking for a statistical evidence to get educated conclusions.

6 Who and Why

All the research for this release has been performed by Francesco Ongaro and Alex Salvetti from ISGroup SRL, including building a platform that will serve for future studies and hopefully the creation of a more open ICS security community.

We started this research on request from Florian Imbach, a journalist of Sonntagszeitung, and decided to take it further because of the risk connected to insecure SCADA deployments, the little awareness and a great gap to fill compared to IT systems's security.

Our observatory represent a source to where people can refer to, citing actual numbers instead of vague feelings. There is no other public research comparable to ScadaExposure at the moment.

If you are a citizen you should require secure systems. If you are a company you should invest in the security of your production equipment. If you are a producer you should re-evaluate your products from a security prospective. If you are a security company you should sponsor this project to improve the awareness and overall security of ICS systems and infrastructures.

If you just want to contact us just write to scadaexposure@isgroup.it.

Vendor Product Version
ABBGenericGeneric
ABBRTU500RTU560
ACKPGenericGeneric
Adcon TelemetryA850 Telemetry Gateway Generic
Adcon TelemetryGenericGeneric
Adcon TelemetryaddUPI-OPC ServerGeneric
Allen-BradleyGenericGeneric
Beck IPCIPC@CHIPGeneric
BroadWebGenericGeneric
CimetricsEplus - B/IP to B/WS Gateway FirewallGeneric
Clorius ControlsGenericGeneric
CodesysWebVisuGeneric
Delta ControlsenteliTOUCHGeneric
Echeloni.LON 600Generic
Electro Industries GaugeTechGenericGeneric
Elster EnergyICTGenericGeneric
Elster EnergyICTRTUGeneric
Elster EnergyICTeiPortalGeneric
FujitsuServerViewGeneric
General ElectricCimplicityGeneric
General ElectricProficyGeneric
GenericGenericGeneric
HMSEtherNet/IP / Modbus-TCP Interface Generic
MoxaGenericGeneric
MoxaioLogikGeneric
NRG SystemsWindCubeGeneric
NovatechGenericGeneric
RTS ServicesGenericGeneric
RabbitGenericGeneric
RelianceReliance 4 SCADA/HMI systemGeneric
Rockwell AutomationGenericGeneric
Rockwell AutomationMicrologixGeneric
SAPNetWeaver Application ServerGeneric
SchleifenbauerSPbus gatewayGeneric
Schneider ElectricCitectSCADAGeneric
Schneider ElectricGenericGeneric
Schneider ElectricModiconM340
Schneider ElectricModiconGeneric
Schneider ElectricModiconM340
Schneider ElectricModiconGeneric
Schneider ElectricModiconM340
Schneider ElectricModiconGeneric
Schneider ElectricPowerLogic ECCECC21
Schneider ElectricPowerLogic EGXEGX100MG
Schneider ElectricPowerLogic IONGeneric
Schneider ElectricPowerLogic IONION8650
Schneider ElectricPowerLogic IONGeneric
Schneider ElectricPowerLogic IONION8650
Schneider ElectricPowerLogic IONGeneric
Schneider ElectricPowerLogic IONION8650
Schneider ElectricPowerLogic PMPM820SD
Schneider ElectricPowerLogic PMPM870SD
Schneider ElectricPowerLogic PMPM800
Schneider ElectricPowerLogic PMPM820SD
Schneider ElectricPowerLogic PMPM870SD
Schneider ElectricPowerLogic PMPM800
Schneider ElectricPowerLogic PMPM820SD
Schneider ElectricPowerLogic PMPM870SD
Schneider ElectricPowerLogic PMPM800
Schneider ElectricTac XENTA 913Generic
SiemensGenericGeneric
SiemensScalance SGeneric
SiemensScalance WGeneric
SiemensScalance XGeneric
SiemensSimatic HMIGeneric
SiemensSimatic NETGeneric
SiemensSimatic S7Generic
SoftPLCGenericGeneric
SomfyGenericGeneric
SpiderControlGenericGeneric
StulzGenericGeneric
THUSGenericGeneric
TrendIQ3xciteGeneric
TridiumGenericGeneric
WagoGenericGeneric
Wind RiverGenericGeneric
Note The Taxonomy page only shows the Vendors, Products and Versions contained in this specific release.
Country Vendor Product Version Method Dork Results
WORLDGenericGenericGenericShodan"Server: VTS" -IIS -Apache -nginx 401 -500 -Boa -Sitewatch -Apple -httpd -cpsrvd -Ubicom -DCS-6620101
CHGenericGenericGenericShodan"Server: VTS" -IIS -Apache -nginx 401 -500 -Boa -Sitewatch -Apple -httpd -cpsrvd -Ubicom -DCS-66200
ITGenericGenericGenericShodan"Server: VTS" -IIS -Apache -nginx 401 -500 -Boa -Sitewatch -Apple -httpd -cpsrvd -Ubicom -DCS-66200
CHGenericGenericGenericShodan--All--884607
WORLDGenericGenericGenericShodan--All--0
ITGenericGenericGenericShodan--All--6299498
WORLDAdcon TelemetryA850 Telemetry Gateway GenericShodanA850 Telemetry Gateway25
ITAdcon TelemetryA850 Telemetry Gateway GenericShodanA850 Telemetry Gateway0
CHAdcon TelemetryA850 Telemetry Gateway GenericShodanA850 Telemetry Gateway0
ITABBRTU500RTU560ShodanABB RTU5600
WORLDABBRTU500RTU560ShodanABB RTU5607
CHABBRTU500RTU560ShodanABB RTU5600
WORLDABBGenericGenericShodanABB Webmodule8
CHABBGenericGenericShodanABB Webmodule0
ITABBGenericGenericShodanABB Webmodule0
CHACKPGenericGenericShodanAKCP Embedded Web Server5
ITACKPGenericGenericShodanAKCP Embedded Web Server22
WORLDACKPGenericGenericShodanAKCP Embedded Web Server267
WORLDAllen-BradleyGenericGenericShodanAllen-Bradley3640
ITAllen-BradleyGenericGenericShodanAllen-Bradley74
CHAllen-BradleyGenericGenericShodanAllen-Bradley15
WORLDBroadWebGenericGenericShodanBroadWeb10
ITBroadWebGenericGenericShodanBroadWeb0
CHBroadWebGenericGenericShodanBroadWeb0
WORLDGeneral ElectricCimplicityGenericShodanCIMPLICITY-HttpSvr31
CHGeneral ElectricCimplicityGenericShodanCIMPLICITY-HttpSvr2
ITGeneral ElectricCimplicityGenericShodanCIMPLICITY-HttpSvr1
WORLDCimetricsEplus - B/IP to B/WS Gateway FirewallGenericShodanCimetrics Eplus Web Server7
ITCimetricsEplus - B/IP to B/WS Gateway FirewallGenericShodanCimetrics Eplus Web Server0
CHCimetricsEplus - B/IP to B/WS Gateway FirewallGenericShodanCimetrics Eplus Web Server0
ITSchneider ElectricCitectSCADAGenericShodanCitectSCADA0
WORLDSchneider ElectricCitectSCADAGenericShodanCitectSCADA0
CHSchneider ElectricCitectSCADAGenericShodanCitectSCADA0
CHSchneider ElectricGenericGenericShodanClearSCADA0
ITSchneider ElectricGenericGenericShodanClearSCADA0
WORLDSchneider ElectricGenericGenericShodanClearSCADA69
WORLDDelta ControlsenteliTOUCHGenericShodanDELTA enteliTOUCH109
ITDelta ControlsenteliTOUCHGenericShodanDELTA enteliTOUCH0
CHDelta ControlsenteliTOUCHGenericShodanDELTA enteliTOUCH0
CHElectro Industries GaugeTechGenericGenericShodanEIG Embedded Web Server0
ITElectro Industries GaugeTechGenericGenericShodanEIG Embedded Web Server0
WORLDElectro Industries GaugeTechGenericGenericShodanEIG Embedded Web Server88
WORLDElster EnergyICTGenericGenericShodanEnergyICT462
ITElster EnergyICTGenericGenericShodanEnergyICT0
CHElster EnergyICTGenericGenericShodanEnergyICT0
WORLDElster EnergyICTRTUGenericShodanEnergyICT RTU462
CHElster EnergyICTRTUGenericShodanEnergyICT RTU0
ITElster EnergyICTRTUGenericShodanEnergyICT RTU0
WORLDGenericGenericGenericShodanGoAhead-Webs InitialPage.asp42
CHGenericGenericGenericShodanGoAhead-Webs InitialPage.asp0
ITGenericGenericGenericShodanGoAhead-Webs InitialPage.asp0
CHSchneider ElectricPowerLogic EGXEGX100MGShodanHMI, XP2770
WORLDSchneider ElectricPowerLogic EGXEGX100MGShodanHMI, XP27712
ITSchneider ElectricPowerLogic EGXEGX100MGShodanHMI, XP2770
CHHMSEtherNet/IP / Modbus-TCP Interface GenericShodanHMS AnyBus-S WebServer0
WORLDHMSEtherNet/IP / Modbus-TCP Interface GenericShodanHMS AnyBus-S WebServer37
ITHMSEtherNet/IP / Modbus-TCP Interface GenericShodanHMS AnyBus-S WebServer1
CHBeck IPCIPC@CHIPGenericShodanIPC@CHIP120
ITBeck IPCIPC@CHIPGenericShodanIPC@CHIP520
WORLDBeck IPCIPC@CHIPGenericShodanIPC@CHIP4172
CHClorius ControlsGenericGenericShodanISC SCADA Service HTTPserv:000010
ITClorius ControlsGenericGenericShodanISC SCADA Service HTTPserv:000010
WORLDClorius ControlsGenericGenericShodanISC SCADA Service HTTPserv:000011
WORLDGenericGenericGenericShodanJetty 3.1.8 (Windows 2000 5.0 x86)207
ITGenericGenericGenericShodanJetty 3.1.8 (Windows 2000 5.0 x86)7
CHGenericGenericGenericShodanJetty 3.1.8 (Windows 2000 5.0 x86)0
WORLDSchneider ElectricModiconM340ShodanModicon M34054
ITSchneider ElectricModiconM340ShodanModicon M3401
CHSchneider ElectricModiconM340ShodanModicon M3400
WORLDGenericGenericGenericShodanModbus Bridge75
ITGenericGenericGenericShodanModbus Bridge3
CHGenericGenericGenericShodanModbus Bridge0
WORLDGenericGenericGenericShodanModbusGW43
ITGenericGenericGenericShodanModbusGW20
CHGenericGenericGenericShodanModbusGW0
CHSchneider ElectricModiconM340ShodanModicon M340 CPU0
WORLDRockwell AutomationMicrologixGenericShodanMicrologix1
ITRockwell AutomationMicrologixGenericShodanMicrologix0
CHRockwell AutomationMicrologixGenericShodanMicrologix0
WORLDGenericGenericGenericShodanNET ARM Web Server/1.00114
ITGenericGenericGenericShodanNET ARM Web Server/1.000
CHGenericGenericGenericShodanNET ARM Web Server/1.000
WORLDMoxaGenericGenericShodanMoxaHttp4021
ITMoxaGenericGenericShodanMoxaHttp242
CHMoxaGenericGenericShodanMoxaHttp61
WORLDSchneider ElectricModiconM340ShodanModicon M340 CPU43
ITSchneider ElectricModiconM340ShodanModicon M340 CPU1
WORLDTridiumGenericGenericShodanNiagara Web Server19038
ITTridiumGenericGenericShodanNiagara Web Server235
CHTridiumGenericGenericShodanNiagara Web Server30
ITNovatechGenericGenericShodanNovaTech HTTPD0
CHNovatechGenericGenericShodanNovaTech HTTPD0
WORLDGenericGenericGenericShodanPLC2931
ITGenericGenericGenericShodanPLC246
CHGenericGenericGenericShodanPLC42
WORLDSiemensSimatic S7GenericShodanPortal0000.htm3
ITSiemensSimatic S7GenericShodanPortal0000.htm0
CHSiemensSimatic S7GenericShodanPortal0000.htm0
WORLDSiemensSimatic S7GenericShodanPortal00003
ITSiemensSimatic S7GenericShodanPortal00000
CHSiemensSimatic S7GenericShodanPortal00000
WORLDNovatechGenericGenericShodanNovaTech HTTPD0
WORLDSchneider ElectricGenericGenericShodanPower Measurement Ltd163
ITSchneider ElectricGenericGenericShodanPower Measurement Ltd0
CHSchneider ElectricGenericGenericShodanPower Measurement Ltd0
ITSchneider ElectricPowerLogic IONION8650ShodanPower Measurement Ltd ION86500
WORLDSchneider ElectricPowerLogic IONION8650ShodanPower Measurement Ltd ION86500
CHSchneider ElectricPowerLogic IONION8650ShodanPower Measurement Ltd ION86500
WORLDSchneider ElectricPowerLogic PMPM800ShodanPowerLogic PM8001
ITSchneider ElectricPowerLogic PMPM800ShodanPowerLogic PM8000
CHSchneider ElectricPowerLogic PMPM800ShodanPowerLogic PM8000
WORLDGenericGenericGenericShodanPowerlink1425
ITGenericGenericGenericShodanPowerlink17
CHGenericGenericGenericShodanPowerlink32
CHGeneral ElectricProficyGenericShodanProficyPortal0
ITGeneral ElectricProficyGenericShodanProficyPortal0
WORLDGeneral ElectricProficyGenericShodanProficyPortal0
WORLDRTS ServicesGenericGenericShodanRTS SCADA Server6
ITRTS ServicesGenericGenericShodanRTS SCADA Server0
CHRTS ServicesGenericGenericShodanRTS SCADA Server0
CHRelianceReliance 4 SCADA/HMI systemGenericShodanReliance 4 Control Server0
ITRelianceReliance 4 SCADA/HMI systemGenericShodanReliance 4 Control Server0
WORLDRelianceReliance 4 SCADA/HMI systemGenericShodanReliance 4 Control Server7
ITRockwell AutomationGenericGenericShodanRockwell Automation75
CHRockwell AutomationGenericGenericShodanRockwell Automation15
ITSchneider ElectricPowerLogic PMPM820SDShodanS7-20010
WORLDRockwell AutomationGenericGenericShodanRockwell Automation3792
WORLDSchneider ElectricPowerLogic PMPM820SDShodanS7-200744
CHSchneider ElectricPowerLogic PMPM820SDShodanS7-2002
ITSchneider ElectricPowerLogic PMPM820SDShodanS7-30013
WORLDSchneider ElectricPowerLogic PMPM820SDShodanS7-30070
CHSchneider ElectricPowerLogic PMPM820SDShodanS7-3001
CHSAPNetWeaver Application ServerGenericShodanSAP NetWeaver Application Server82
WORLDSAPNetWeaver Application ServerGenericShodanSAP NetWeaver Application Server5161
ITSAPNetWeaver Application ServerGenericShodanSAP NetWeaver Application Server120
ITGenericGenericGenericShodanSCADA25
WORLDGenericGenericGenericShodanSCADA275
CHGenericGenericGenericShodanSCADA2
CHSiemensSimatic HMIGenericShodanSIMATIC HMI1
ITSiemensSimatic HMIGenericShodanSIMATIC HMI3
WORLDSiemensSimatic HMIGenericShodanSIMATIC HMI61
CHSiemensSimatic NETGenericShodanSIMATIC NET13
ITSiemensSimatic NETGenericShodanSIMATIC NET10
WORLDSiemensSimatic NETGenericShodanSIMATIC NET96
WORLDGenericGenericGenericShodanSLC-542
ITGenericGenericGenericShodanSLC-51
CHGenericGenericGenericShodanSLC-51
WORLDSiemensScalance SGenericShodanScalance S0
ITSiemensScalance SGenericShodanScalance S0
CHSiemensScalance SGenericShodanScalance S0
CHSiemensScalance WGenericShodanScalance W0
WORLDSiemensScalance WGenericShodanScalance W1
ITSiemensScalance WGenericShodanScalance W0
WORLDSiemensScalance XGenericShodanScalance X1
ITSiemensScalance XGenericShodanScalance X0
WORLDSchleifenbauerSPbus gatewayGenericShodanSchleifenbauer SPbus gateway1
ITSchleifenbauerSPbus gatewayGenericShodanSchleifenbauer SPbus gateway0
CHSchleifenbauerSPbus gatewayGenericShodanSchleifenbauer SPbus gateway0
CHSiemensScalance XGenericShodanScalance X0
WORLDSchneider ElectricPowerLogic ECCECC21ShodanSchneider Electric ECC210
ITSchneider ElectricPowerLogic ECCECC21ShodanSchneider Electric ECC210
CHSchneider ElectricPowerLogic ECCECC21ShodanSchneider Electric ECC210
WORLDSchneider ElectricPowerLogic EGXEGX100MGShodanSchneider Electric EGX100MG2
ITSchneider ElectricPowerLogic EGXEGX100MGShodanSchneider Electric EGX100MG0
CHSchneider ElectricPowerLogic EGXEGX100MGShodanSchneider Electric EGX100MG0
WORLDSchneider ElectricPowerLogic PMPM820SDShodanSchneider Electric PM820SD0
ITSchneider ElectricPowerLogic PMPM820SDShodanSchneider Electric PM820SD0
CHSchneider ElectricPowerLogic PMPM820SDShodanSchneider Electric PM820SD0
ITSchneider ElectricPowerLogic PMPM870SDShodanSchneider Electric PM870SD0
CHSchneider ElectricPowerLogic PMPM870SDShodanSchneider Electric PM870SD0
WORLDSchneider ElectricPowerLogic PMPM870SDShodanSchneider Electric PM870SD0
WORLDSchneider ElectricGenericGenericShodanSchneider-WEB150
CHSchneider ElectricGenericGenericShodanSchneider-WEB1
ITSchneider ElectricGenericGenericShodanSchneider-WEB15
WORLDAllen-BradleyGenericGenericShodanSeries C Revision25
ITAllen-BradleyGenericGenericShodanSeries C Revision0
CHAllen-BradleyGenericGenericShodanSeries C Revision0
WORLDSiemensGenericGenericShodanSiemens17196
ITSiemensGenericGenericShodanSiemens369
CHSiemensGenericGenericShodanSiemens293
ITSiemensSimatic HMIGenericShodanSimatic86
WORLDSiemensSimatic HMIGenericShodanSimatic1172
CHSiemensSimatic HMIGenericShodanSimatic16
WORLDSiemensSimatic S7GenericShodanSimatic S7663
CHSiemensSimatic S7GenericShodanSimatic S70
WORLDSiemensSimatic HMIGenericShodanSimatic -S7 HMI61
ITSiemensSimatic HMIGenericShodanSimatic -S7 HMI3
CHSiemensSimatic HMIGenericShodanSimatic -S7 HMI1
ITSiemensSimatic S7GenericShodanSimatic S724
WORLDSiemensSimatic NETGenericShodanSimatic net96
ITSiemensSimatic NETGenericShodanSimatic net10
CHSiemensSimatic NETGenericShodanSimatic net13
WORLDSoftPLCGenericGenericShodanSoftPLC515
WORLDSpiderControlGenericGenericShodanSpiderControl134
ITSpiderControlGenericGenericShodanSpiderControl19
CHSpiderControlGenericGenericShodanSpiderControl2
ITSoftPLCGenericGenericShodanSoftPLC0
CHSoftPLCGenericGenericShodanSoftPLC0
WORLDStulzGenericGenericShodanStulz GmbH Klimatechnik16
ITStulzGenericGenericShodanStulz GmbH Klimatechnik1
CHStulzGenericGenericShodanStulz GmbH Klimatechnik0
ITSchneider ElectricTac XENTA 913GenericShodanTAC/Xenta0
WORLDSchneider ElectricTac XENTA 913GenericShodanTAC/Xenta0
CHSchneider ElectricTac XENTA 913GenericShodanTAC/Xenta0
CHSchneider ElectricModiconGenericShodanTELEMECANIQUE BMX0
ITSchneider ElectricModiconGenericShodanTELEMECANIQUE BMX11
WORLDSchneider ElectricModiconGenericShodanTELEMECANIQUE BMX107
CHTHUSGenericGenericShodanTHUS plc FTP server0
WORLDTHUSGenericGenericShodanTHUS plc FTP server0
ITTHUSGenericGenericShodanTHUS plc FTP server0
ITSchneider ElectricTac XENTA 913GenericShodanTac XENTA 9130
WORLDSchneider ElectricTac XENTA 913GenericShodanTac XENTA 9130
CHSchneider ElectricTac XENTA 913GenericShodanTac XENTA 9130
WORLDWind RiverGenericGenericShodanVxWorks29306
CHWind RiverGenericGenericShodanVxWorks53
ITWind RiverGenericGenericShodanVxWorks678
CHCodesysWebVisuGenericShodanWebvisu2
WORLDWagoGenericGenericShodanWAGO115
ITWagoGenericGenericShodanWAGO6
CHWagoGenericGenericShodanWAGO31
WORLDCodesysWebVisuGenericShodanWebvisu30
ITCodesysWebVisuGenericShodanWebvisu0
WORLDSiemensSimatic HMIGenericShodanWelcome to the Windows CE Telnet Service on HMI_Panel2
CHSiemensSimatic HMIGenericShodanWelcome to the Windows CE Telnet Service on HMI_Panel0
WORLDWind RiverGenericGenericShodanWindRiver-WebServer11011
ITWind RiverGenericGenericShodanWindRiver-WebServer197
CHWind RiverGenericGenericShodanWindRiver-WebServer13
ITSiemensSimatic HMIGenericShodanWelcome to the Windows CE Telnet Service on HMI_Panel0
ITNRG SystemsWindCubeGenericShodanWindWeb86
CHNRG SystemsWindCubeGenericShodanWindWeb6
WORLDNRG SystemsWindCubeGenericShodanWindWeb10895
ITRabbitGenericGenericShodanZ-World Rabbit43
WORLDRabbitGenericGenericShodanZ-World Rabbit1531
CHRabbitGenericGenericShodanZ-World Rabbit2
WORLDAdcon TelemetryaddUPI-OPC ServerGenericShodanaddUPI Server261
ITAdcon TelemetryaddUPI-OPC ServerGenericShodanaddUPI Server1
CHAdcon TelemetryaddUPI-OPC ServerGenericShodanaddUPI Server0
WORLDElster EnergyICTeiPortalGenericShodaneiPortal38
ITElster EnergyICTeiPortalGenericShodaneiPortal0
CHElster EnergyICTeiPortalGenericShodaneiPortal0
WORLDEcheloni.LON 600GenericShodani.LON2398
ITEcheloni.LON 600GenericShodani.LON23
CHEcheloni.LON 600GenericShodani.LON6
CHMoxaioLogikGenericShodanioLogik Web Server0
ITMoxaioLogikGenericShodanioLogik Web Server18
WORLDMoxaioLogikGenericShodanioLogik Web Server143
ITTridiumGenericGenericShodanniagara_audit0
CHTridiumGenericGenericShodanniagara_audit1
WORLDTridiumGenericGenericShodanniagara_audit253
WORLDTridiumGenericGenericShodanniagara_audit -login239
CHTridiumGenericGenericShodanniagara_audit -login1
ITTridiumGenericGenericShodanniagara_audit -login0
CHGenericGenericGenericShodanopenerp server: CherryPy1
ITGenericGenericGenericShodanopenerp server: CherryPy0
WORLDGenericGenericGenericShodanopenerp server: CherryPy26
CHSchneider ElectricPowerLogic IONGenericShodanport:23 "Meter ION"0
WORLDSchneider ElectricPowerLogic IONGenericShodanport:23 "Meter ION"33
ITSchneider ElectricPowerLogic IONGenericShodanport:23 "Meter ION"0
CHTrendIQ3xciteGenericShodanserver: iq30
ITTrendIQ3xciteGenericShodanserver: iq356
WORLDTrendIQ3xciteGenericShodanserver: iq3713
WORLDFujitsuServerViewGenericShodanserverview671
ITFujitsuServerViewGenericShodanserverview3
CHFujitsuServerViewGenericShodanserverview1
WORLDSchneider ElectricGenericGenericShodantitle:PowerLogic665
ITSchneider ElectricGenericGenericShodantitle:PowerLogic0
CHSchneider ElectricGenericGenericShodantitle:PowerLogic0
WORLDSomfyGenericGenericShodantitle:Somfy30
ITSomfyGenericGenericShodantitle:Somfy0
CHSomfyGenericGenericShodantitle:Somfy0
CHAdcon TelemetryGenericGenericShodantitle:adcon0
ITAdcon TelemetryGenericGenericShodantitle:adcon0
WORLDAdcon TelemetryGenericGenericShodantitle:adcon105
ITRabbitGenericGenericShodantitle:phasefale Z-World Rabbit0
CHRabbitGenericGenericShodantitle:phasefale Z-World Rabbit0
WORLDRabbitGenericGenericShodantitle:phasefale Z-World Rabbit2
ITGenericGenericGenericShodanwebSCADA-Modbus0
WORLDGenericGenericGenericShodanwebSCADA-Modbus0
CHGenericGenericGenericShodanwebSCADA-Modbus0