DoS Exploitation of Allen-Bradley’s Legacy Protocol through Fuzz Testing
Author
Tacliad, Francisco
Nguyen, Thuy D.
Gondree, Mark
Date
2017-12-05
Abstract
EtherNet/IP is a TCP/IP-based industrial protocol commonly used in industrial control systems (ICS). TCP/IP connectivity to the outside world has enabled ICS operators to implement more agile practices, but it has also exposed these cyber-physical systems to cyber attacks. Using a custom Scapy-based fuzzer to test for implementation flaws in the EtherNet/IP software of commercial programmable logic controllers (PLCs), we uncover a previously unreported denial-of-service (DoS) vulnerability in the EtherNet/IP implementation of the Rockwell Automation/Allen-Bradley MicroLogix 1100 PLC that, if exploited, can cause the PLC to fault. ICS-CERT recently announced this vulnerability in the security advisory ICSA-17-138-03. This paper describes this vulnerability, the development of an EtherNet/IP fuzzer, and an approach to remotely monitor for faults generated when fuzzing.
Description
The article of record as published may be found at http://dx.doi.org/10.1145/3174776.3174780
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.