id: honeywell-scada-config info: name: Honeywell Scada Configuration File - Detect author: alperenkesk severity: low description: Honeywell Scada configuration file was detected. The downloaded file opens with the file name and contains critical information about the destination address. reference: - https://www.exploit-db.com/exploits/44734 tags: scada,config,exposure,edb metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/web_caps/webCapsConfig" matchers-condition: and matchers: - type: word words: - "DeviceSubClass" - "IPAddress" condition: and - type: status status: - 200 # Enhanced by md on 2023/02/09