EtherNet/IP Devices Detection Scanner
This scanner detects the use of EtherNet/IP Devices on digital assets. It identifies device details such as vendor, product name, serial number, and IP address to facilitate asset discovery and inventory.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
4 weeks
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
EtherNet/IP is a widely used industrial automation protocol developed for communication in automation systems, including PLCs, sensors, and other devices. It is primarily used in manufacturing, process industries, and factory floor environments where real-time control is crucial. This scanner checks for devices running EtherNet/IP to ensure proper visibility and management of network-connected industrial devices.
This scanner focuses on detecting EtherNet/IP devices by sending specific identity requests to devices on TCP port 44818. It validates responses and extracts detailed information about the devices, such as vendor name, product name, serial number, and IP address. This allows administrators to identify the presence of devices and their details efficiently.
Technically, the scanner sends a crafted EtherNet/IP identity request packet to the target and parses the response for details. The endpoint being targeted is TCP port 44818, commonly associated with EtherNet/IP. The script checks for proper responses and decodes key information like device type, vendor ID, and revision number to assist in network management.
If exploited or improperly configured, EtherNet/IP devices may expose critical industrial control system details. Such information could be leveraged by attackers to disrupt processes or craft targeted attacks on industrial networks. Proper detection aids in risk assessment and mitigates potential threats to operational technology environments.
REFERENCES
