
v1.0.30 - Mining Modules: FMS, MineStar AHS, GNSS spoofing, LoRaWAN, SAP CVE-2025-31324


@mrhenrike mrhenrike released this 10 Jun 04:38
· 12 commits to master since this release

New Mining Sector Modules

scanners/mining/fms_scanner

  • Detects Wenco FMS (Hitachi), Komatsu Dispatch, Modular Mining ProVision, MICROMINE Pitram
  • Checks ports 80/443/8080/8443 for FMS web interfaces
  • HTTP fingerprinting against vendor-specific headers/paths/bodies
  • Checks unauthenticated API endpoints (/api/v1/fleet, /api/vehicles, etc.)
  • Context: BianLian and Cl0p targeted FMS in 2024; an FMS compromise disrupts the autonomous fleet without touching the trucks

scanners/mining/caterpillar_minestar_api

  • Fingerprints Cat MineStar Fleet, Command (AHS), Terrain, Health, Edge
  • Checks /api/minestar/ endpoints for unauthenticated access
  • Targets: Cat 793F/797F autonomous trucks (220-363t payload)
  • Spring Boot actuator endpoint detection (/actuator/health, /actuator/info)

assessment/mining/gnss_ahs_assessment

  • GNSS/GPS spoofing risk assessment for autonomous haul truck fleets
  • Checks RTK NTRIP server exposure (TCP/2101-2102)
  • Detects gpsd (GPS-over-IP) on TCP/2947
  • Vendor profiles: Caterpillar MineStar Command, Komatsu FrontRunner, Hitachi AHEAD
  • Security checklist + recommendations (OSNMA, INS cross-validation, radio encryption)

assessment/mining/lorawan_underground_audit

  • LoRaWAN network audit for underground mining sensors
  • Checks for plaintext MQTT (port 1883, unauthenticated)
  • Detects LoRa gateway UDP/1700 and network server APIs (ChirpStack/TTS)
  • ABP vs OTAA risk education, LoRaWAN 1.0.x vs 1.1 coverage
  • Targets: gas sensors (Trolex, MSA), personnel trackers (Becker Mining)

cve/sap/cve_2025_31324_netweaver_rce

  • CVE-2025-31324: SAP NetWeaver Visual Composer MetadataUploader RCE (CVSS 10.0)
  • Actively exploited by UNC5174 (Chinese APT/MSS) - April 2025
  • Attack chain: JSP webshell -> SNOWLIGHT downloader -> VShell RAT -> GOREVERSE backdoor
  • Mining context: SAP MII/PCo bridges to OT historians -> lateral movement vector to SCADA
  • Applicable to Vale, Anglo American, and any mining operation using SAP

interpreter: sector=mining

  • search sector=mining now returns all mining modules
  • Aliases: mining, mineracao, mineradora, sap