Pcomclient

documentation/modules/auxiliary/scanner/scada/pcomclient.md

Vulnerable Application

Unitronics Vision PLCs using the PCOM protocol

Verification Steps

  1. Do: use scanner/scada/pcomclient
  2. Do: set RHOST=IP where IP is the IP address of the target
  3. Do: run to send the PCOM command

Scenarios

msf > use scanner/scada/pcomclient
msf auxiliary(scanner/scada/pcomclient) > show options

Module options (auxiliary/scanner/scada/pcomclient):

Name     Current Setting  Required  Description
----     ---------------  --------  -----------
ADDRESS  0                yes       PCOM memory address (0 - 65535)
LENGTH   3                yes       Number of values to read (1 - 255) (read only)
OPERAND  MI               yes       Operand type (Accepted: Input, Output, SB, MB, MI, SI, ML, SL)
RHOST                     yes       The target address
RPORT    20256            yes       The target port (TCP)
UNITID   0                no        Unit ID (0 - 127)
VALUES                    no        Values to write (0 - 65535 each) (comma separated) (write only)


Auxiliary action:

Name  Description
----  -----------
READ  Read values from PLC memory


msf auxiliary(scanner/scada/pcomclient) > set RHOST 192.168.1.1
RHOST => 192.168.1.1
msf auxiliary(scanner/scada/pcomclient) > run

[*] 192.168.1.1:20256 - Reading 03 values (MI) starting from 0000 address
[+] 192.168.1.1:20256 - [00000] : 0
[+] 192.168.1.1:20256 - [00001] : 1
[+] 192.168.1.1:20256 - [00002] : 0
[*] Auxiliary module execution completed
msf auxiliary(scanner/scada/pcomclient) >