DoS Exploitation of Allen-Bradley’s Legacy Protocol through Fuzz Testing

Tacliad, Francisco; Nguyen, Thuy D.; Gondree, Mark

Download

Nguyen_DoS_Exploitation_.pdf (1.126Mb)

Download Record

Download to EndNote/RefMan (RIS)

Download to BibTex

Author

Tacliad, Francisco

Nguyen, Thuy D.

Gondree, Mark

Date

2017-12-05

Metadata

Show full item record

Abstract

EtherNet/IP is a TCP/IP-based industrial protocol commonly used in industrial control systems (ICS). TCP/IP connectivity to the outside world has enabled ICS operators to implement more agile practices, but it also has exposed these cyber-physical systems to cyber attacks. Using a custom Scapy-based fuzzer to test for implementation flaws in the EtherNet/IP software of commercial programmable logic controllers (PLC), we uncover a previously unreported denial-of-service (DoS) vulnerability in the Ethernet/IP implementation of the Rockwell Automation/Allen-Bradley MicroLogix 1100 PLC that, if exploited, can cause the PLC to fault. ICS-CERT recently announces this vulnerability in the security advisory ICSA-17-138-03. This paper describes this vulnerability, the development of an EtherNet/IP fuzzer, and an approach to remotely monitor for faults generated when fuzzing.

Description

The article of record as published may be found at http://dx.doi.org/10.1145/3174776.3174780

Rights

This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.

URI

http://hdl.handle.net/10945/57263

Collections

Faculty and Researchers' Publications