DoS Exploitation of Allen-Bradley’s Legacy Protocol through Fuzz Testing
Nguyen, Thuy D.
MetadataShow full item record
EtherNet/IP is a TCP/IP-based industrial protocol commonly used in industrial control systems (ICS). TCP/IP connectivity to the outside world has enabled ICS operators to implement more agile practices, but it also has exposed these cyber-physical systems to cyber attacks. Using a custom Scapy-based fuzzer to test for implementation flaws in the EtherNet/IP software of commercial programmable logic controllers (PLC), we uncover a previously unreported denial-of-service (DoS) vulnerability in the Ethernet/IP implementation of the Rockwell Automation/Allen-Bradley MicroLogix 1100 PLC that, if exploited, can cause the PLC to fault. ICS-CERT recently announces this vulnerability in the security advisory ICSA-17-138-03. This paper describes this vulnerability, the development of an EtherNet/IP fuzzer, and an approach to remotely monitor for faults generated when fuzzing.
The article of record as published may be found at http://dx.doi.org/10.1145/3174776.3174780
Showing items related by title, author, creator and subject.
Nadeau, John P. (Monterey, California. Naval Postgraduate School, 2007-03);To accommodate the nationâ s escalating demand for natural gas, which is expected to increase 700% by 2030, the natural gas industry will likely build several new liquefied natural gas (LNG) import terminals. The location ...
Efficiency vs. security: information technology consolidations-resilience, complexity, and monoculture Ricker, Jennifer L. (Monterey, California: Naval Postgraduate School, 2018-03);Governmental organizations commonly seek to cut costs and increase efficiency through consolidation and standardization of information technology (IT) infrastructure. This may result in vulnerabilities not typically ...
An approach to vulnerability assessment for Navy Supervisory Control and Data Acquisition (SCADA) system Hart, Dennis (Monterey, California. Naval Postgraduate School, 2004-09);The unfortunate events of September 11, 2001 have caused a renewed effort to protect our Nation's Critical Infrastructures. SCADA systems are relied upon in a large number of the sectors that make up the critical infrastructure ...