Snakes and Ladder Logic: PLC-VBS, a PLC Control Logic Vulnerability Discovery Tool

by   Sam Maesschalck, et al.

Cyber security risk assessments provide a pivotal starting point towards the understanding of existing risk exposure, through which suitable mitigation strategies can be formed. Where risk is viewed as a product of threat, vulnerability, and impact, understanding each element is of equal importance. This can be a challenge in Industrial Control System (ICS) environments, where adopted technologies are typically not only bespoke, but interact directly with the physical world. To date, existing vulnerability identification has focused on traditional vulnerability categories. While this provides risk assessors with a baseline understanding, and the ability to hypothesize on potential resulting impacts, it is high level, operating at a level of abstraction that would be viewed as incomplete within a traditional information system context. The work presented in this paper takes the understanding of ICS device vulnerabilities one step further. It offers a tool, PLC-VBS, that helps identify Programmable Logic Controller (PLC) vulnerabilities, specifically within logic used to monitor, control, and automate operational processes. PLC-VBS gives risk assessors a more coherent picture about the potential impact should the identified vulnerabilities be exploited; this applies specifically to operational process elements.


page 2

page 7


FieldFuzz: Enabling vulnerability discovery in Industrial Control Systems supply chain using stateful system-level fuzzing

With the advent of the fourth industrial revolution, Programmable Logic ...

Automated CVE Analysis for Threat Prioritization and Impact Prediction

The Common Vulnerabilities and Exposures (CVE) are pivotal information f...

An In-Depth Security Assessment of Maritime Container Terminal Software Systems

Attacks on software systems occur world-wide on a daily basis targeting ...

Attack Potential in Impact and Complexity

Vulnerability exploitation is reportedly one of the main attack vectors ...

The Generation of Security Scoring Systems Leveraging Human Expert Opinion

While the existence of many security elements can be measured (e.g., vul...

Vulnerability Assessment of Industrial Control System with an Improved CVSS

Cyberattacks on industrial control systems (ICS) have been drawing atten...

Please sign up or login with your details

Forgot password? Click here to reset