ProConOS Detection Scanner
This scanner detects the use of ProConOS in digital assets.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
4 weeks
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
The ProConOS Detection Scanner identifies instances of the ProConOS protocol on remote PLC devices. ProConOS is commonly used in industrial automation for programmable logic controllers. It allows devices to execute ladder logic programs, providing operational control over machinery in manufacturing, utilities, and other industries. The scanner facilitates identification of ProConOS-based systems for inventory and analysis purposes.
The detection scanner identifies systems running ProConOS by querying the protocol and analyzing responses. It specifically extracts details like ladder logic runtime version, PLC type, and project configuration. This ensures accurate identification of devices using ProConOS in network environments, aiding IT teams in understanding and managing industrial systems.
Technically, the scanner sends a crafted request packet to the target device on the default ProConOS port (20547/TCP). The device’s response is analyzed to validate the presence of ProConOS. Extracted data includes runtime version, project name, boot project, and other metadata crucial for system identification and management.
Exploitation risks from detection alone are minimal; however, exposed ProConOS services may become targets for unauthorized access or manipulation. Identifying such services is critical for securing industrial control systems against potential threats and vulnerabilities.
REFERENCES
