{"id":15506,"date":"2016-05-25T14:43:46","date_gmt":"2016-05-25T13:43:46","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=15506"},"modified":"2021-07-07T16:22:12","modified_gmt":"2021-07-07T15:22:12","slug":"s7comm-un-outil-de-communication-avec_24","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/","title":{"rendered":"S7comm: a tool for communicating with Siemens programmable logic controllers"},"content":{"rendered":"<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<figure id=\"post-15913 media-15913\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-15913\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/03\/indu.jpg\" alt=\"\" width=\"320\" height=\"213\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/03\/indu.jpg 320w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/03\/indu-287x191.jpg 287w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/03\/indu-59x39.jpg 59w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/figure>\n<\/div>\n<p>The security of <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>Industrial Information Systems (IIS)<\/b><\/span> is now a central concern for the companies concerned. 
These systems allow <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>direct action in the \u201cphysical\u201d world<\/b><\/span> by means of instructions coming from the <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>\u201clogical\u201d world<\/b><\/span>, and they drive the <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>production equipment<\/b><\/span> of many companies.<\/p>\n<p>Because of the <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>lack of security <\/b><\/span>in these systems, many attacks have been recorded around the world in recent years. The most recent one with the greatest impact is <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b><b><b>the attack on Ukraine&#8217;s power grid last December [1]<\/b><\/b><\/b><\/span>. Many people were left without electricity following an attack on the industrial network.<\/p>\n<p>The lowest level of industrial information systems is the <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b><b>production network<\/b><\/b><\/span>. <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>Sensors and actuators<\/b><\/span> are connected to the inputs\/outputs of the industrial PLCs. The protocols used to communicate with these PLCs are generally proprietary. Among the most widely used are <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>Modbus, S7comm, DNP3, Profibus, Hart<\/b><\/span>\u2026 These protocols often lack the main security functions, namely <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b><b>authentication and encryption of traffic<\/b><\/b><\/span>. 
It is therefore possible to replay requests and carry out malicious actions directly on the PLCs.<br \/>\n<span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>Modbus<\/b><\/span>, a publicly documented, royalty-free protocol from <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>Schneider Electric<\/b><\/span>, is a reference standard for industrial communications. Many tools that use this protocol exist for communicating with Schneider PLCs:<\/p>\n<div class=\"Enum1\" style=\"margin-left: 88.9pt; mso-list: l2 level1 lfo6; tab-stops: 35.4pt; text-indent: -18pt;\">\n<ul>\n<li><span style=\"font-family: 'symbol'; font-size: 12pt; text-indent: -18pt;\"><span style=\"font-family: 'times new roman'; font-size: 7pt; font-stretch: normal;\">\u00a0 \u00a0 \u00a0 \u00a0<\/span><\/span><span style=\"text-indent: -18pt;\">The Metasploit module <\/span><i style=\"text-indent: -18pt;\">modbusclient<\/i><span style=\"text-indent: -18pt;\"> [2], for reading and writing the PLC&#8217;s coils \/ registers<\/span><\/li>\n<li><span style=\"font-family: 'symbol'; font-size: 12pt; text-indent: -18pt;\"><span style=\"font-family: 'times new roman'; font-size: 7pt; font-stretch: normal;\">\u00a0 \u00a0 \u00a0 \u00a0<\/span><\/span><span style=\"text-indent: -18pt;\">The Metasploit module <\/span><i style=\"text-indent: -18pt;\">modicon_command<\/i><span style=\"text-indent: -18pt;\"> [3], for stopping \/ starting the PLC remotely<\/span><\/li>\n<li><span style=\"font-family: 'symbol'; font-size: 12pt; text-indent: -18pt;\"><span style=\"font-family: 'times new roman'; font-size: 7pt; font-stretch: normal;\">\u00a0 \u00a0 \u00a0 \u00a0<\/span><\/span><span style=\"text-indent: -18pt;\">The Metasploit module <\/span><i style=\"text-indent: -18pt;\">modicon_stux_transfer <\/i><span style=\"text-indent: -18pt;\">[4], for 
retrieving \/ downloading the PLC&#8217;s code<\/span><\/li>\n<li><span style=\"font-family: 'symbol'; font-size: 12pt; text-indent: -18pt;\"><span style=\"font-family: 'times new roman'; font-size: 7pt; font-stretch: normal;\">\u00a0 \u00a0 \u00a0 \u00a0<\/span><\/span><span style=\"text-indent: -18pt;\">The Perl script <\/span><i style=\"text-indent: -18pt;\">mbtget<\/i><span style=\"text-indent: -18pt;\"> [5], for reading and writing the PLC&#8217;s coils \/ registers<\/span><\/li>\n<li><span style=\"font-family: 'symbol'; font-size: 12pt; text-indent: -18pt;\"><span style=\"font-family: 'times new roman'; font-size: 7pt; font-stretch: normal;\">\u00a0 \u00a0 \u00a0 \u00a0<\/span><\/span><span style=\"text-indent: -18pt;\">The Python library <\/span><i style=\"text-indent: -18pt;\">Pymodbus<\/i><span style=\"text-indent: -18pt;\"> [6], for communicating with Schneider PLCs<\/span><\/li>\n<\/ul>\n<\/div>\n<div class=\"MsoNormal\">By contrast, the <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>S7 Communication (S7comm) <\/b><\/span>protocol has far fewer tools available, even though it is used by all <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>Siemens<\/b><\/span> PLCs.<br \/>\nThere is, however, the <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>Snap7 library<\/b><\/span> [7] as well as a Python wrapper that uses this protocol.<\/div>\n<div class=\"MsoNormal\">We therefore set out to <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>develop a new script named \u201cs7comm\u201d<\/b><\/span>, which makes it easy to talk to Siemens PLCs.<\/div>\n<div class=\"MsoNormal\"><\/div>\n<div class=\"MsoNormal\" style=\"break-after: avoid; page-break-after: avoid;\"><span class=\"Miseenvaleur\" style=\"color: 
#00477f;\"><b>Introducing s7comm<\/b><\/span><br \/>\ns7comm [8] is a <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>Python script<\/b><\/span> built on the Snap7 library that can <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>read and write the outputs of Siemens PLCs<\/b><\/span>.<\/div>\n<div class=\"MsoNormal\">The <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>various arguments <\/b><\/span>are specified directly on the command line, exactly as with the <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>mbtget<\/b><\/span> script for the <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>Modbus<\/b><\/span> protocol:<\/div>\n<div><\/div>\n<div style=\"background: #dce5ec; border: 1pt solid #308987; margin-left: 42.55pt; margin-right: 0cm; padding: 1pt 4pt;\">\n<div class=\"LignedecommandeCxSpFirst\" style=\"background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin-left: 0cm;\"><span lang=\"EN-US\">$ python s7comm.py -a address -m mode -n number -d data ip_address<\/span><b><\/b><\/div>\n<div class=\"LignedecommandeCxSpMiddle\" style=\"background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin-left: 0cm;\"><\/div>\n<div class=\"LignedecommandeCxSpMiddle\" style=\"background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin-left: 0cm;\">-a\u00a0\u00a0\u00a0\u00a0 Address from which the data will be read \/ written<\/div>\n<div class=\"LignedecommandeCxSpMiddle\" 
style=\"background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin-left: 0cm;\">-m [r|w]\u00a0\u00a0\u00a0\u00a0 Operating mode: read from or write to the PLC<\/div>\n<div class=\"LignedecommandeCxSpMiddle\" style=\"background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin-left: 0cm;\">-n\u00a0\u00a0\u00a0\u00a0 Number of data items to read \/ write<\/div>\n<div class=\"LignedecommandeCxSpLast\" style=\"background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin-left: 0cm;\">-d\u00a0\u00a0\u00a0\u00a0 Data to write, as bits (example 0110)<span style=\"font-size: 11pt;\">\u00a0<\/span><\/div>\n<\/div>\n<div><\/div>\n<div class=\"MsoNormal\">The <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>two main <\/b><\/span>functions used from the <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>Snap7 library <\/b><\/span>are the following:<\/div>\n<div class=\"MsoNormal\"><span lang=\"EN-US\" style=\"font-family: 'courier new'; mso-ansi-language: EN-US;\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0s7.read_area(snap7.types.areas['PA'], 0, start, size)<\/span><\/div>\n<div class=\"Enum1\" style=\"margin-left: 49.6pt; mso-list: none; tab-stops: 35.4pt; text-indent: 0cm;\">This function <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>reads data from the PLC outputs<\/b><\/span> using the S7comm protocol.<br \/>\nIt takes four arguments 
:<\/div>\n<div class=\"Enum2\" style=\"margin-left: 99.8pt; mso-list: l5 level1 lfo3; tab-stops: 35.4pt; text-indent: -18pt;\"><!-- [if !supportLists]-->1. The data <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>type<\/b><\/span>: in this case, the <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>digital outputs <\/b><\/span>(\u201call-or-nothing\u201d, in French \u201ctout ou rien\u201d, TOR)<span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b> of the PLC<\/b><\/span>.<\/div>\n<div class=\"Enum2\" style=\"margin-left: 99.8pt; mso-list: l5 level1 lfo3; tab-stops: 35.4pt; text-indent: -18pt;\"><!-- [if !supportLists]-->2. The <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>data block (DB) number<\/b><\/span>: for digital outputs, this option is not used and therefore always has the value 0.<\/div>\n<div class=\"Enum2\" style=\"margin-left: 99.8pt; mso-list: l5 level1 lfo3; tab-stops: 35.4pt; text-indent: -18pt;\"><!-- [if !supportLists]-->3. 
The <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>byte offset<\/b><\/span>: this is the first byte read.<\/div>\n<div class=\"Enum2\" style=\"margin-left: 99.8pt; mso-list: l5 level1 lfo3; tab-stops: 35.4pt; text-indent: -18pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'times new roman' , 'serif'; font-size: 12pt;\">4.<span style=\"font-family: 'times new roman'; font-size: 7pt; font-stretch: normal;\">\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span><!--[endif]-->The <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>number<\/b><\/span> of bytes to read.<\/div>\n<div><\/div>\n<div class=\"Enum2\" style=\"margin-left: 99.8pt; mso-list: l5 level1 lfo3; tab-stops: 35.4pt; text-indent: -18pt;\"><span lang=\"EN-US\" style=\"font-family: 'courier new'; mso-ansi-language: EN-US;\">s7.write_area(snap7.types.areas['PA'], 0, start, data)<\/span><\/div>\n<div class=\"Enum1\" style=\"margin-left: 49.6pt; mso-list: none; tab-stops: 35.4pt; text-indent: 0cm;\">This function <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>writes data to the PLC outputs<\/b><\/span>.<\/div>\n<div class=\"Enum1\" style=\"margin-left: 49.6pt; mso-list: none; tab-stops: 35.4pt; text-indent: 0cm;\">It takes four arguments:<\/div>\n<div class=\"Enum2\" style=\"margin-left: 99.8pt; mso-list: l3 level1 lfo4; tab-stops: 35.4pt; text-indent: -18pt;\"><!-- [if !supportLists]-->1. The <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>data type<\/b><\/span>: in this case, the digital outputs of the PLC.<\/div>\n<div class=\"Enum2\" style=\"margin-left: 99.8pt; mso-list: l3 level1 lfo4; tab-stops: 35.4pt; text-indent: -18pt;\"><!-- [if !supportLists]-->2. 
The <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>data block (DB) number<\/b><\/span>: for digital outputs, this option is not used and therefore always has the value 0.<\/div>\n<div class=\"Enum2\" style=\"margin-left: 99.8pt; mso-list: l3 level1 lfo4; tab-stops: 35.4pt; text-indent: -18pt;\"><!-- [if !supportLists]-->3. The <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>byte offset<\/b><\/span>: this is the first byte that will be written.<\/div>\n<div class=\"Enum2\" style=\"margin-left: 99.8pt; mso-list: l3 level1 lfo4; tab-stops: 35.4pt; text-indent: -18pt;\"><!-- [if !supportLists]-->4. The <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>data<\/b><\/span> to write, as a bytearray.<\/div>\n<div><\/div>\n<div class=\"MsoNormal\">Each PLC output has a <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>one-bit value<\/b><\/span>. <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>Eight outputs<\/b><\/span> can therefore be written in one byte. Several operations must therefore be performed <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>before sending the command<\/b><\/span>, because the <span style=\"font-family: 'courier new';\">&#8220;address&#8221;<\/span> and <span style=\"font-family: 'courier new';\">&#8220;number&#8221;<\/span> arguments given on the command line refer to bits. In particular, if the first bit to read is not the first bit of its byte, there is an offset to take into account.<\/div>\n<div class=\"MsoNormal\">Finally, here are two usage examples:<\/div>\n<div><\/div>\n<div class=\"Enum1\" style=\"margin-left: 88.9pt; mso-list: l1 level1 lfo5; tab-stops: 35.4pt; text-indent: -18pt;\"><!-- [if !supportLists]-->1. 
Reading 8 bits starting at address 0:<\/div>\n<div class=\"Enum1\" style=\"margin-left: 67.05pt; mso-list: none; tab-stops: 35.4pt; text-indent: 0cm;\">\n<figure id=\"post-15922 media-15922\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-15922 alignnone\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/03\/last-1.png\" alt=\"\" width=\"320\" height=\"135\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/03\/last-1.png 320w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/03\/last-1-71x30.png 71w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/figure>\n<\/div>\n<div class=\"Enum1\" style=\"margin-left: 88.9pt; mso-list: l1 level1 lfo5; tab-stops: 35.4pt; text-indent: -18pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'times new roman' , 'serif'; font-size: 12pt;\">2.<span style=\"font-family: 'times new roman'; font-size: 7pt; font-stretch: normal;\">\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span><!--[endif]-->Writing the value 1 to 8 bits starting at address 0<\/div>\n<div class=\"Enum1\" style=\"margin-left: 67.05pt; mso-list: none; tab-stops: 35.4pt; text-indent: 0cm;\">\n<figure id=\"post-15924 media-15924\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-15924 alignnone\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/03\/last.png\" alt=\"\" width=\"320\" height=\"25\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/03\/last.png 320w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/03\/last-71x6.png 71w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/figure>\n<\/div>\n<div class=\"MsoNormal\"><b><span style=\"color: #00477f;\">Conclusion<\/span><\/b><\/div>\n<div class=\"MsoNormal\">By publishing <span class=\"Miseenvaleur\" 
style=\"color: #00477f;\"><b>the s7comm tool<\/b><\/span> along with this article, we want to remind readers how relatively easy it is to communicate with <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>industrial PLCs<\/b><\/span>.<br \/>\nAn attacker who has reached the industrial information system can directly <span class=\"Miseenvaleur\" style=\"color: #00477f;\"><b>disrupt the industrial process<\/b><\/span>. Your comments and contributions are welcome to help make this tool more reliable and improve it.<b><\/b><\/div>\n<div><\/div>\n<div><\/div>\n<div class=\"MsoNormal\" style=\"break-after: avoid; line-height: 11.5pt; page-break-after: avoid; text-autospace: none; vertical-align: middle;\"><span style=\"color: #9c9d9e;\">Sources:<\/span><\/div>\n<div class=\"Tableau\">[1] <a href=\"https:\/\/ics.sans.org\/blog\/2016\/01\/09\/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\">https:\/\/ics.sans.org\/blog\/2016\/01\/09\/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid<\/a><\/div>\n<div class=\"Tableau\">[2] <a href=\"https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/auxiliary\/scanner\/scada\/modbusclient.rb\">https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/auxiliary\/scanner\/scada\/modbusclient.rb<\/a><\/div>\n<div class=\"Tableau\">[3] <a href=\"https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/auxiliary\/admin\/scada\/modicon_command.rb\">https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/auxiliary\/admin\/scada\/modicon_command.rb<\/a><\/div>\n<div class=\"Tableau\">[4] <a href=\"https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/auxiliary\/admin\/scada\/modicon_stux_transfer.rb\">https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/auxiliary\/admin\/scada\/modicon_stux_transfer.rb<\/a><\/div>\n<div class=\"Tableau\">[5] 
<a href=\"https:\/\/github.com\/sourceperl\/mbtget\/blob\/master\/scripts\/mbtget\">https:\/\/github.com\/sourceperl\/mbtget\/blob\/master\/scripts\/mbtget<\/a><\/div>\n<div class=\"Tableau\">[6] <a href=\"https:\/\/github.com\/bashwork\/pymodbus\">https:\/\/github.com\/bashwork\/pymodbus<\/a><\/div>\n<div class=\"Tableau\">[7] <span class=\"MsoHyperlink\"><a href=\"http:\/\/python-snap7.readthedocs.org\/en\/latest\/installation.html\">http:\/\/python-snap7.readthedocs.org\/en\/latest\/installation.html<\/a><\/span><\/div>\n<div class=\"Tableau\">[8] <a href=\"https:\/\/github.com\/alexandrinetorrents\/s7comm\">https:\/\/github.com\/alexandrinetorrents\/s7comm<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>La s\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Informations Industriels (SII) est aujourd\u2019hui au centre des pr\u00e9occupations dans les entreprises concern\u00e9es. Ces syst\u00e8mes permettent une action directe dans le monde \u00ab physique \u00bb \u00e0 l\u2019aide d\u2019instructions provenant du monde \u00ab logique \u00bb et pilotent&#8230;<\/p>\n","protected":false},"author":1343,"featured_media":15199,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3854,3225],"tags":[402,1069,3856,3857],"coauthors":[1771,3855],"class_list":["post-15506","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-deep-dive","category-ethical-hacking-indicent-response","tag-automatisation","tag-outil","tag-programmable","tag-s7comm"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>S7comm : un outil de communication avec les Automates Programmables Industriels Siemens - RiskInsight<\/title>\n<meta name=\"description\" content=\"La 
s\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Informations Industriels (SII) est aujourd\u2019hui au centre des pr\u00e9occupations dans les entreprises concern\u00e9es. Ces\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"S7comm : un outil de communication avec les Automates Programmables Industriels Siemens - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"La s\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Informations Industriels (SII) est aujourd\u2019hui au centre des pr\u00e9occupations dans les entreprises concern\u00e9es. Ces\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2016-05-25T13:43:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-07T15:22:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1378\" \/>\n\t<meta property=\"og:image:height\" content=\"1378\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alexandrine Torrents, Thomas DEBIZE\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alexandrine Torrents, Thomas DEBIZE\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/\"},\"author\":{\"name\":\"Alexandrine Torrents\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c15581b492599a056ff0ee7af5e02ab4\"},\"headline\":\"S7comm : un outil de communication avec les Automates Programmables Industriels Siemens\",\"datePublished\":\"2016-05-25T13:43:46+00:00\",\"dateModified\":\"2021-07-07T15:22:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/\"},\"wordCount\":948,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"keywords\":[\"automatisation\",\"outil\",\"programmable\",\"s7comm\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Deep-dive\",\"Ethical Hacking &amp; Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/\",\"name\":\"S7comm : un outil de communication avec les Automates Programmables Industriels Siemens - 
RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"datePublished\":\"2016-05-25T13:43:46+00:00\",\"dateModified\":\"2021-07-07T15:22:12+00:00\",\"description\":\"La s\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Informations Industriels (SII) est aujourd\u2019hui au centre des pr\u00e9occupations dans les entreprises concern\u00e9es. Ces\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"width\":1378,\"height\":1378},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"S7comm : un outil de communication avec les Automates Programmables 
Industriels Siemens\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c15581b492599a056ff0ee7af5e02ab4\",\"name\":\"Alexandrine Torrents\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/alexandrine-torrents\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"S7comm : un outil de communication avec les Automates Programmables Industriels Siemens - RiskInsight","description":"La s\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Informations Industriels (SII) est aujourd\u2019hui au centre des pr\u00e9occupations dans les entreprises concern\u00e9es. Ces","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/","og_locale":"en_US","og_type":"article","og_title":"S7comm : un outil de communication avec les Automates Programmables Industriels Siemens - RiskInsight","og_description":"La s\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Informations Industriels (SII) est aujourd\u2019hui au centre des pr\u00e9occupations dans les entreprises concern\u00e9es. Ces","og_url":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/","og_site_name":"RiskInsight","article_published_time":"2016-05-25T13:43:46+00:00","article_modified_time":"2021-07-07T15:22:12+00:00","og_image":[{"width":1378,"height":1378,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Alexandrine Torrents, Thomas DEBIZE","twitter_misc":{"Written by":"Alexandrine Torrents, Thomas DEBIZE","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/"},"author":{"name":"Alexandrine Torrents","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c15581b492599a056ff0ee7af5e02ab4"},"headline":"S7comm : un outil de communication avec les Automates Programmables Industriels Siemens","datePublished":"2016-05-25T13:43:46+00:00","dateModified":"2021-07-07T15:22:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/"},"wordCount":948,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg","keywords":["automatisation","outil","programmable","s7comm"],"articleSection":["Cybersecurity &amp; Digital Trust","Deep-dive","Ethical Hacking &amp; Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/","url":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/","name":"S7comm : un outil de communication avec les Automates Programmables Industriels Siemens - 
RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg","datePublished":"2016-05-25T13:43:46+00:00","dateModified":"2021-07-07T15:22:12+00:00","description":"La s\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Informations Industriels (SII) est aujourd\u2019hui au centre des pr\u00e9occupations dans les entreprises concern\u00e9es. Ces","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg","width":1378,"height":1378},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/s7comm-un-outil-de-communication-avec_24\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"S7comm : un outil de communication avec les Automates Programmables Industriels 
Siemens"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c15581b492599a056ff0ee7af5e02ab4","name":"Alexandrine 
Torrents","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/alexandrine-torrents\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15506","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1343"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=15506"}],"version-history":[{"count":22,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15506\/revisions"}],"predecessor-version":[{"id":16245,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15506\/revisions\/16245"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/15199"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=15506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=15506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=15506"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=15506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}