DoS Exploitation of Allen-Bradley’s Legacy Protocol through Fuzz Testing
Authors
Tacliad, Francisco
Nguyen, Thuy D.
Gondree, Mark
Subjects
Industrial control system
fuzz testing
EtherNet/IP
MicroLogix
Date of Issue
2017-12-05
Publisher
ACM
Abstract
EtherNet/IP is a TCP/IP-based industrial protocol commonly used in industrial control systems (ICS). TCP/IP connectivity to the outside world has enabled ICS operators to adopt more agile practices, but it has also exposed these cyber-physical systems to cyber attacks. Using a custom Scapy-based fuzzer to test for implementation flaws in the EtherNet/IP software of commercial programmable logic controllers (PLCs), we uncover a previously unreported denial-of-service (DoS) vulnerability in the EtherNet/IP implementation of the Rockwell Automation/Allen-Bradley MicroLogix 1100 PLC that, if exploited, can cause the PLC to fault. ICS-CERT recently announced this vulnerability in security advisory ICSA-17-138-03. This paper describes the vulnerability, the development of an EtherNet/IP fuzzer, and an approach to remotely monitor for faults generated while fuzzing.
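The abstract describes header-level fuzzing of an EtherNet/IP stack. The following is an added illustration, not the authors' Scapy-based fuzzer and not code from the paper: it builds a well-formed EtherNet/IP encapsulation packet, applies the kind of header mutations such a fuzzer sends (inconsistent length field, unknown command code, non-zero options word), and runs the corpus against a strict reference parser that rejects every malformed case. The 24-byte encapsulation header layout and the command codes are the public EtherNet/IP values; the mutation strategies, function names and the fault-triage logic are assumptions for this example, and no network I/O or target monitoring from the paper is reproduced.

```python
"""Minimal EtherNet/IP encapsulation builder, strict parser and header mutator.
Added illustration for this page; not the authors' Scapy-based fuzzer.
Header layout follows the public EtherNet/IP encapsulation header (24 bytes,
little-endian): command, length, session handle, status, 8-byte sender
context, options. Network I/O is deliberately omitted so this runs offline."""
import random
import struct
from dataclasses import dataclass

ENIP_TCP_PORT = 44818            # explicit-messaging TCP port (standard value)
HDR = struct.Struct("<HHII8sI")  # command, length, session, status, context, options
HDR_LEN = HDR.size               # 24 bytes

# Encapsulation command codes from the public specification
CMD_NOP = 0x0000
CMD_LIST_SERVICES = 0x0004
CMD_LIST_IDENTITY = 0x0063
CMD_LIST_INTERFACES = 0x0064
CMD_REGISTER_SESSION = 0x0065
CMD_UNREGISTER_SESSION = 0x0066
CMD_SEND_RR_DATA = 0x006F
CMD_SEND_UNIT_DATA = 0x0070
KNOWN_COMMANDS = {CMD_NOP, CMD_LIST_SERVICES, CMD_LIST_IDENTITY,
                  CMD_LIST_INTERFACES, CMD_REGISTER_SESSION,
                  CMD_UNREGISTER_SESSION, CMD_SEND_RR_DATA, CMD_SEND_UNIT_DATA}


def build_encap(command, data=b"", session=0, status=0,
                context=b"\x00" * 8, options=0):
    """Return a well-formed encapsulation packet; length field == len(data)."""
    return HDR.pack(command, len(data), session, status, context, options) + data


def register_session():
    """RegisterSession request: protocol version 1, option flags 0 (4 data bytes)."""
    return build_encap(CMD_REGISTER_SESSION, struct.pack("<HH", 1, 0))


@dataclass
class Encap:
    command: int
    length: int
    session: int
    status: int
    context: bytes
    options: int
    data: bytes


def parse_encap(pkt):
    """Strict parser: the checks a robust stack should apply before trusting
    the header. Raises ValueError rather than reading past the buffer."""
    if len(pkt) < HDR_LEN:
        raise ValueError("short header")
    command, length, session, status, context, options = HDR.unpack_from(pkt)
    if command not in KNOWN_COMMANDS:
        raise ValueError(f"unknown command 0x{command:04x}")
    if options != 0:
        raise ValueError("options word must be zero")
    if length != len(pkt) - HDR_LEN:
        raise ValueError(f"length field {length} != payload {len(pkt) - HDR_LEN}")
    return Encap(command, length, session, status, context, options, pkt[HDR_LEN:])


def mutate_header(pkt, rng):
    """One header-level mutation of a valid packet (strategies are this
    example's assumption). Targets the fields a decoder tends to trust."""
    hdr = bytearray(pkt[:HDR_LEN])
    data = pkt[HDR_LEN:]
    choice = rng.randrange(4)
    if choice == 0:      # length field claims far more data than is present
        struct.pack_into("<H", hdr, 2, 0xFFFF)
    elif choice == 1:    # length field shorter than the actual payload
        struct.pack_into("<H", hdr, 2, 0)
    elif choice == 2:    # reserved or unassigned command code
        struct.pack_into("<H", hdr, 0, rng.choice([0x0001, 0x00FF, 0xFFFF]))
    else:                # non-zero options word (spec says it must be zero)
        struct.pack_into("<I", hdr, 20, rng.getrandbits(32) | 1)
    return bytes(hdr) + data


def fuzz_cases(seed, count):
    """Deterministic corpus of malformed RegisterSession variants."""
    rng = random.Random(seed)
    base = register_session()
    return [mutate_header(base, rng) for _ in range(count)]


def triage(cases):
    """Run the corpus against the strict parser and return how many it rejects.
    Against a live target, a clean rejection is the expected outcome; a fault
    or a dropped connection instead is what a fuzzing campaign watches for."""
    rejected = 0
    for pkt in cases:
        try:
            parse_encap(pkt)
        except ValueError:
            rejected += 1
    return rejected
```

Every generated case should be rejected by the reference parser, which is the point of contrast: a device that faults on any of these inputs instead of returning an encapsulation error status is exhibiting exactly the class of flaw the abstract reports.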
Type
Article
Description
The article of record as published may be found at http://dx.doi.org/10.1145/3174776.3174780
Department
Computer Science (CS)
Organization
Naval Postgraduate School (U.S.)
Format
8 p.
Citation
Tacliad, Francisco, Thuy D. Nguyen, and Mark Gondree. "DoS Exploitation of Allen-Bradley's Legacy Protocol through Fuzz Testing." In Proceedings of the 3rd Annual Industrial Control System Security Workshop, pp. 24-31. ACM, 2017.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.