Towards Comprehensively Understanding the Run-time Security of Programmable Logic Controllers: A 3-year Empirical Study

by Rongkuan Ma, et al.

Programmable Logic Controllers (PLCs) are the core control devices in Industrial Control Systems (ICSs), which control and monitor the underlying physical plants such as power grids. PLCs were initially designed to operate in a trusted industrial network, but they can be brittle once deployed in an Internet-facing (or penetrated) network. Yet there is a lack of systematic empirical analysis of the run-time security of modern real-world PLCs. To close this gap, we present the first large-scale measurement of 23 off-the-shelf PLCs across 13 leading vendors. We find many common security issues and unexplored implications that should be addressed more carefully in the design and implementation. To sum up: 1) unsupervised logic applications can cause system resource/privilege abuse, which gives adversaries new means to hijack the control flow of a runtime system remotely (without exploiting memory vulnerabilities); 2) improper access control mechanisms bring many unauthorized access implications; 3) proprietary or semi-proprietary protocols are fragile regarding confidentiality and integrity protection of run-time data. We empirically evaluated the corresponding attack vectors on multiple PLCs, which demonstrates that the security implications are severe and broad. Our findings were reported responsibly to the related parties, and 20 bugs have been confirmed with 7 assigned CVEs.



