
siemens module firmware version

Open · dodsonmg opened this issue 5 years ago · 1 comment

The siemens module appears to correctly request the hardware and software version, but they don't appear to be correctly reported.

The module sends the following: SZL-ID: 0x0011 (Module Identification)

The devices return several indices:

- 0x0001 (module)
- 0x0006 (hardware)
- 0x0007 (firmware)

Per the S7-300/400 System and Standard Functions manual, indices 0x0006 and 0x0007 are associated with a 32 byte data record:

- 20 bytes: either reserved or the order number of the module
- 4 bytes: 'V' and the first digit of the version ID
- 4 bytes: the remaining digits of the version ID

These last 6 bytes contain the hardware and firmware versions. Looking at pcaps recorded from several zgrab runs, this appears to be the case. I can extract hardware and firmware versions which correspond to actual Siemens versions.

When zgrab reports the firmware version, however, it seems to be extracting the 20 byte field from either index 0x0080 or 0x0081, so it reports things like 6ES7954-8LE03-0AA0 or Boot Loader.

dodsonmg avatar Jul 04 '19 12:07 dodsonmg
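For reference, here is a small stand-alone parser for the SZL 0x0011 (Module Identification) response that pulls the version out of the place the post above describes. This is an added example, not code from zgrab2 or from the issue author. It assumes the record layout from the S7-300/400 system functions manual: a 2-byte record length and 2-byte record count, then per record a 2-byte index, a 20-byte MlfB (order number) field, a 2-byte BGTyp field and the 2-byte Ausbg1/Ausbe1 pair that together hold 'V' and three version digits. It also assumes the digits are stored as raw binary values (e.g. `56 04 01 03` reads as V4.1.3), with ASCII digits accepted as a fallback; the sample response bytes are constructed inline and include an index 0x0081 "Boot Loader" record to show that it is ignored rather than reported as the firmware version.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// ModuleIdent holds the fields a correct SZL 0x0011 parse should yield.
type ModuleIdent struct {
	OrderNumber     string // index 0x0001, MlfB field
	HardwareVersion string // index 0x0006, Ausbg1||Ausbe1
	FirmwareVersion string // index 0x0007, Ausbg1||Ausbe1
}

// recordSize is the assumed size of one Module Identification record:
// 2 (index) + 20 (MlfB) + 2 (BGTyp) + 2 (Ausbg1) + 2 (Ausbe1).
const recordSize = 28

// parseSZL0011 parses the data part of an SZL 0x0011 response (after the
// SZL-ID/index pair): record length, record count, then the records.
// Only indices 0x0001, 0x0006 and 0x0007 are used; anything else
// (e.g. 0x0080/0x0081) is skipped so it can never leak into the version.
func parseSZL0011(data []byte) (ModuleIdent, error) {
	var id ModuleIdent
	if len(data) < 4 {
		return id, errors.New("short SZL header")
	}
	recLen := int(binary.BigEndian.Uint16(data[0:2]))
	recCount := int(binary.BigEndian.Uint16(data[2:4]))
	if recLen < recordSize {
		return id, fmt.Errorf("record length %d smaller than %d", recLen, recordSize)
	}
	body := data[4:]
	if len(body) < recLen*recCount {
		return id, errors.New("truncated SZL records")
	}
	for i := 0; i < recCount; i++ {
		rec := body[i*recLen : (i+1)*recLen]
		index := binary.BigEndian.Uint16(rec[0:2])
		mlfb := strings.TrimRight(string(rec[2:22]), " \x00")
		switch index {
		case 0x0001:
			id.OrderNumber = mlfb
		case 0x0006:
			id.HardwareVersion = versionString(rec[24:28])
		case 0x0007:
			id.FirmwareVersion = versionString(rec[24:28])
		}
	}
	return id, nil
}

// versionString decodes the 4-byte Ausbg1||Ausbe1 tail: 'V' followed by
// three version components. Assumption: components are raw binary values;
// ASCII digits are accepted as well. Returns "" if the tail is malformed.
func versionString(b []byte) string {
	if len(b) != 4 || b[0] != 'V' {
		return ""
	}
	parts := make([]string, 3)
	for i, d := range b[1:] {
		if d >= '0' && d <= '9' {
			d -= '0'
		}
		parts[i] = strconv.Itoa(int(d))
	}
	return "V" + strings.Join(parts, ".")
}

// record builds one constructed 28-byte Module Identification record.
func record(index uint16, mlfb string, tail [4]byte) []byte {
	rec := make([]byte, recordSize)
	binary.BigEndian.PutUint16(rec[0:2], index)
	copy(rec[2:22], fmt.Sprintf("%-20s", mlfb)) // MlfB, space padded
	// rec[22:24] (BGTyp) left zero
	copy(rec[24:28], tail[:])
	return rec
}

// sampleResponse is a constructed SZL 0x0011 data section (not a real capture).
func sampleResponse() []byte {
	hdr := make([]byte, 4)
	binary.BigEndian.PutUint16(hdr[0:2], recordSize) // record length
	binary.BigEndian.PutUint16(hdr[2:4], 4)          // record count
	data := hdr
	data = append(data, record(0x0001, "6ES7 315-2EH14-0AB0", [4]byte{})...)
	data = append(data, record(0x0006, "6ES7 315-2EH14-0AB0", [4]byte{'V', 3, 0, 0})...)
	data = append(data, record(0x0007, "", [4]byte{'V', 3, 2, 12})...)
	data = append(data, record(0x0081, "Boot Loader", [4]byte{'V', 1, 0, 0})...)
	return data
}

func main() {
	id, err := parseSZL0011(sampleResponse())
	if err != nil {
		panic(err)
	}
	fmt.Printf("order=%q hardware=%q firmware=%q\n",
		id.OrderNumber, id.HardwareVersion, id.FirmwareVersion)
}
```

The record length and count come from the response header rather than being hard-coded, so a device that pads records beyond 28 bytes still parses, while a response shorter than it claims is rejected instead of being read out of bounds.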

I encountered the same or a similar bug. However, I was unable to get a version number reported whatsoever. I was able to spot the correct version numbers using Wireshark at the spot where @dodsonmg said and where Siemens says it is (http://www.kleissler-online.de/Siemens/SFCs.pdf page 388), but it will not get reported. This is, I think, caused by the function parseComponentIdentificationResponse in s7.go. However, I have only looked through the code once and I am not quite sure.

Valentinbist avatar Dec 04 '19 12:12 Valentinbist