Fix wrong values in snmp_sysdescr.xml

[nstylepro]

Changed wrong values of 2 fingerprints

[hdm]

👍 LGTM

[tsellers-r7]

Thanks for the contribution. We don't currently have anything else that uses os.device of HMI Controller. Keeping in mind that os.device is a generic classification for the device, what's the value of adding the specificity here? Is this a label we should apply to other fingerprints?

[tsellers-r7]

As a note, I see that it is listed in https://github.com/rapid7/recog/blob/master/identifiers/hw_device.txt and that we have one occurrence of it's use;

recog/xml/html_title.xml

Lines 1316 to 1325 in c0deef7

	<fingerprint pattern="^(1747-\S+) Home Page$">
	<description>Allen-Bradley 1747-LXXX SLC 5/05 Controller</description>
	<example hw.product="1747-L551">1747-L551 Home Page</example>
	<example hw.product="1747-L551/C">1747-L551/C Home Page</example>
	<example hw.product="1747-L552/C">1747-L552/C Home Page</example>
	<param pos="0" name="hw.vendor" value="Allen-Bradley"/>
	<param pos="0" name="hw.device" value="HMI Controller"/>
	<param pos="1" name="hw.product"/>
	<param pos="0" name="os.vendor" value="Allen-Bradley"/>
	</fingerprint>

[nstylepro]

well, that's incorrect. there is this one:

recog/xml/html_title.xml

Line 1316 in c2beb75

<fingerprint pattern="^(1747-\S+) Home Page$">

the specificity is not so important, but Monitoring is not the proper classification for HMI devices, while they are usually old Windows box

[tsellers-r7]

I made a comment on that one about a split second before you did. Make sense, particularly if this is a firmware image and not stock Windows with some service running on it. This seems like it'd be a good time to had hw.* fields as well since it appears that Siemens makes these and the banner contains model information. Does that sound correct?

If it is correct I can follow this up with a PR to add them if needed.

[nstylepro]

Sound like a good Idea.

[nstylepro]

actually did some further research on these devices. turned out this is running WindowsCE!
(not )
https://support.industry.siemens.com/cs/images/thumbnails/28263711/protool_image_versionen_01_e.gif

should fix that as well. LMK if you want me to push the change as well.

e.g. here:

recog/xml/snmp_sysdescr.xml

Line 6322 in c2beb75

<param pos="0" name="os.family" value="Simatic HMI"/>

actually os.family correct mapping will be
Simatic HMI -> should be WindowsCE
Simatic NET -> should be Windows7
Simatic S7 -> should be Windows
Simatic Sinumerikare -> should be Windows10
and not OSs. they are software on top of some Windows.

[tsellers-r7]

@nstylepro - Yes, if you could add these changes that'd be great. Thanks!

[nstylepro]

@nstylepro - Yes, if you could add these changes that'd be great. Thanks!

review again :)

[tsellers-r7]

os.vendor here and elsewhere should be Microsoft.
hw.vendor should, I'm guessing, be Siemens?
Can you group the os.* and hw.* together?

[tsellers-r7]

The changes from os.product to hw.product are what broke the tests. You can change the field in the example and retest using rspec

[tsellers-r7]

I'll land this and fix the issues. Thanks much for the feedback and pr @nstylepro

[tsellers-r7]

FYI, here is a PR with the changes: #291