cisagov / icsnpp-s7comm

Zeek S7comm, S7comm-plus, and COTP Parser - CISA ICSNPP
BSD 3-Clause "New" or "Revised" License

Plugin not working with S7COMM_PLUS traffic #17

Open hugollanos opened 5 days ago

hugollanos commented 5 days ago

🐛 Summary

- Zeek version: 7.1.0 (the same behaviour with Zeek 6.0.9)
- ICSNPP-S7COMM: last version installed with zkg
- TIA Portal: v18.0.1.0
- PLC: S7-1200 with firmware 04.06.00

Problem: Hello, I am trying to get this excellent plugin working in Zeek. With S7COMM traffic everything goes OK, working as expected. But when I try to analyze S7COMMPLUS traffic, the plugin throws an error in "analyzer.log".

When it happens: When I establish an "online" connection to the PLC (from TIA Portal).

Evidence: An error appears in the "analyzer.log" file and no "s7comm_plus.log" is generated. The content that appears in the "analyzer.log" file is:

{"ts":1732869314.127732,"cause":"violation","analyzer_kind":"protocol","analyzer_name":"S7COMM_TCP","uid":"CJSmbo3LBH4hp7t0mi","id.orig_h":"XX.XX.XX.XX","id.orig_p":58123,"id.resp_h":"XX.XX.XX.XX","id.resp_p":102,"failure_reason":"Binpac exception: binpac exception: out_of_bound: S7comm_Plus:digest: 53 > 25"}
{"ts":1732869314.251299,"cause":"violation","analyzer_kind":"protocol","analyzer_name":"S7COMM_TCP","uid":"CJSmbo3LBH4hp7t0mi","id.orig_h":".XX.XX.XX","id.orig_p":58123,"id.resp_h":"XX.XX.XX.XX","id.resp_p":102,"failure_reason":"Binpac exception: binpac exception: out_of_bound: S7commPlus:digest: 54 > 23"}

Thank you in advance!

hugollanos commented 2 days ago

Hello, the origin of the problem has been discovered: Image

With firmware 4.3 the plugin works perfectly. I have to analyze how to resolve this situation. Any ideas?
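
One way to find which PLCs are affected by the parse failures quoted in the report, as an added example that is not part of the original issue or of the icsnpp-s7comm project: it groups binpac `out_of_bound` violations from a JSON `analyzer.log` by responder, so connections that produce no `s7comm_plus.log` entries stand out. The sample records, addresses and uids are constructed, and reading the message as "bytes needed > bytes available" is an assumption about the binpac format.

```python
import json
import re
from collections import defaultdict

# Assumed binpac short-read layout: "out_of_bound: <where>: <needed> > <available>"
OOB = re.compile(r"out_of_bound: (?P<where>\S+): (?P<needed>\d+) > (?P<avail>\d+)")


def sample_record(uid, analyzer, reason):
    """Build one constructed analyzer.log line (documentation-range addresses)."""
    return json.dumps({"ts": 1732869314.0, "cause": "violation", "analyzer_kind": "protocol",
                       "analyzer_name": analyzer, "uid": uid,
                       "id.orig_h": "192.0.2.10", "id.orig_p": 58123,
                       "id.resp_h": "192.0.2.20", "id.resp_p": 102,
                       "failure_reason": reason})


PREFIX = "Binpac exception: binpac exception: "
SAMPLE_LOG = [  # constructed input, modelled on the two records in the report
    sample_record("Cexample1", "S7COMM_TCP", PREFIX + "out_of_bound: S7comm_Plus:digest: 53 > 25"),
    sample_record("Cexample1", "S7COMM_TCP", PREFIX + "out_of_bound: S7comm_Plus:digest: 54 > 23"),
    sample_record("Cexample2", "OTHER_ANALYZER", "some other violation"),  # hypothetical analyzer
    '{"ts":1732869315.0,"cause":"viol',  # truncated line, must be skipped
]


def summarize_parse_failures(lines, analyzer="S7COMM_TCP"):
    """Group binpac out_of_bound violations by responder (PLC) address and port."""
    summary = defaultdict(lambda: {"count": 0, "fields": set(), "uids": set(), "max_short": 0})
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if not isinstance(rec, dict) or rec.get("cause") != "violation":
            continue
        if rec.get("analyzer_name") != analyzer:
            continue
        m = OOB.search(rec.get("failure_reason", ""))
        if m is None:
            continue
        entry = summary[(rec.get("id.resp_h"), rec.get("id.resp_p"))]
        entry["count"] += 1
        entry["fields"].add(m["where"])  # record/field the parser was reading
        entry["uids"].add(rec.get("uid"))  # join key for conn.log
        entry["max_short"] = max(entry["max_short"], int(m["needed"]) - int(m["avail"]))
    return dict(summary)


if __name__ == "__main__":
    for (host, port), e in summarize_parse_failures(SAMPLE_LOG).items():
        print(host, port, e["count"], sorted(e["fields"]), sorted(e["uids"]), e["max_short"])
```
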