Hello all
I have tried this on a MicroLogix 1100 (FRN9) and 1400 (FRN4)
(The default administrator password is ml1100
The default guest password is guest)
Assume the PLC is at address 192.168.1.1
Use a PC connected to the PLC with a browser with popups enabled.
Set up a user test, password test, with permissions "write" under the administrative settings / user management screen
Create a program with N7:0 and N10:0 files.
Under Data Views / New Data View set the N7 file to have write access group.
Set N10 file to have read access only.
Now in a new browser paste in the following (it's all one line)
http://192.168.1.1/datachange.htm?offset=7&element=0&value=16384
The link above doesn't show the command - the last bit is offset=7&element=0&value=16384
You will be asked for a password - type in test and test into the password popup.
This should set bit N7:0/14
OK now try the same command but writing to N10:0/14 which is set to have read access only.
http://192.168.1.1/datachange.htm?offset=10&element=0&value=16384
The link above doesn't show the command - the last bit is offset=10&element=0&value=16384
This also works - i.e. bypasses the security.
Al
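
A defensive check built on the URL format in the post above, added here as an example and not part of the original post: it decodes `datachange.htm` requests from a web or proxy log into the data file, element and bits written, and flags writes to files outside the set meant to be writable. The log layout, the sample lines and `WRITABLE_FILES` are constructed assumptions, and the `N` file prefix is assumed from the post's N7/N10 examples.

```python
from urllib.parse import urlsplit, parse_qs

WRITABLE_FILES = {7}  # assumption: only N7 is meant to be web-writable, as in the post

# Constructed sample lines, hypothetical layout: "client method url status".
SAMPLE_LOG = """\
192.168.1.50 GET http://192.168.1.1/datachange.htm?offset=7&element=0&value=16384 200
192.168.1.50 GET http://192.168.1.1/index.htm 200
192.168.1.50 GET http://192.168.1.1/datachange.htm?offset=10&element=0&value=16384 200
192.168.1.51 GET http://192.168.1.1/datachange.htm?offset=10&element=abc&value=1 200
"""

def decode_write(url):
    """Decode a datachange.htm URL; return None for any other page."""
    parts = urlsplit(url)
    if parts.path.rsplit("/", 1)[-1].lower() != "datachange.htm":
        return None
    q = parse_qs(parts.query)
    try:
        file_no, element, value = (int(q[k][0]) for k in ("offset", "element", "value"))
    except (KeyError, ValueError):
        # Missing or non-numeric parameter: report it rather than drop it.
        return {"address": None, "bits": [], "malformed": True}
    # Treat the value as a 16-bit word and list the bits that are set.
    bits = [b for b in range(16) if (value & 0xFFFF) >> b & 1]
    return {"address": f"N{file_no}:{element}", "file": file_no,
            "bits": bits, "malformed": False}

def audit(log_text, writable=WRITABLE_FILES):
    """Return (client, address, bits, status, verdict) for each write request."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        client, _method, url, status = fields
        w = decode_write(url)
        if w is None:
            continue
        if w["malformed"]:
            verdict = "malformed"
        elif w["file"] in writable:
            verdict = "expected"
        else:
            verdict = "unexpected-write"
        findings.append((client, w["address"], w["bits"], status, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
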