Plugin not working with S7COMM_PLUS trafficΒ #17
Description
π Summary
Zeek version: 7.1.0 (the same behaviour with Zeek 6.0.9)
ICSNPP-S7COMM: last version installed with zkg
TIA Portal: v18.0.1.0
PLC: S7-1200 with firmware 04.06.00
Problem:
Hello, trying to make this excellent plugin working in Zeek. With S7COMM traffic all goes OK, working as expected. But when i try to analyze S7COMMPLUS traffic, the plugin throws an error in "analyzer.log".
When it happens:
When i establish "online" connection to the PLC (from TIA Portal).
Evidences
An error appears in the "analyzer.log" file and no "s7comm_plus.log" is generated. The content in "analyzer.log" file that appears is:
{"ts":1732869314.127732,"cause":"violation","analyzer_kind":"protocol","analyzer_name":"S7COMM_TCP","uid":"CJSmbo3LBH4hp7t0mi","id.orig_h":"XX.XX.XX.XX","id.orig_p":58123,"id.resp_h":"XX.XX.XX.XX","id.resp_p":102,"failure_reason":"Binpac exception: binpac exception: out_of_bound: S7comm_Plus:digest: 53 > 25"}
{"ts":1732869314.251299,"cause":"violation","analyzer_kind":"protocol","analyzer_name":"S7COMM_TCP","uid":"CJSmbo3LBH4hp7t0mi","id.orig_h":".XX.XX.XX","id.orig_p":58123,"id.resp_h":"XX.XX.XX.XX","id.resp_p":102,"failure_reason":"Binpac exception: binpac exception: out_of_bound: S7comm_Plus:digest: 54 > 23"}
Thank you in advanced!