Visible to the public DoS Exploitation of Allen-Bradley's Legacy Protocol Through Fuzz Testing

TitleDoS Exploitation of Allen-Bradley's Legacy Protocol Through Fuzz Testing
Publication TypeConference Paper
Year of Publication2017
AuthorsTacliad, Francisco, Nguyen, Thuy D., Gondree, Mark
Conference NameProceedings of the 3rd Annual Industrial Control System Security Workshop
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-6333-4
Keywordscomposability, ethernet/ip, Fuzz Testing, industrial control system, Metrics, MicroLogix, Networked Control Systems Security, pubcrawl, resilience, Resiliency
AbstractEtherNet/IP is a TCP/IP-based industrial protocol commonly used in industrial control systems (ICS). TCP/IP connectivity to the outside world has enabled ICS operators to implement more agile practices, but it also has exposed these cyber-physical systems to cyber attacks. Using a custom Scapy-based fuzzer to test for implementation flaws in the EtherNet/IP software of commercial programmable logic controllers (PLC), we uncover a previously unreported denial-of-service (DoS) vulnerability in the Ethernet/IP implementation of the Rockwell Automation/Allen-Bradley MicroLogix 1100 PLC that, if exploited, can cause the PLC to fault. ICS-CERT recently announces this vulnerability in the security advisory ICSA-17-138-03. This paper describes this vulnerability, the development of an EtherNet/IP fuzzer, and an approach to remotely monitor for faults generated when fuzzing.
Citation Keytacliad_dos_2017