TY - GEN
T1 - Validation of ICS Vulnerability Related to TCP/IP Protocol Implementation in Allen-Bradley Compact Logix PLC Controller
AU - Pavesi, Jaime
AU - Villegas, Thamara
AU - Perepechko, Alexey
AU - Aguirre, Eleazar
AU - Galeazzi, Lorena
N1 - Publisher Copyright: © 2019, Springer Nature Switzerland AG.
PY - 2019
Y1 - 2019
N2 - An Industrial Control Systems (ICS) research and testing process was implemented to validate the existence of a well-known security vulnerability in a Rockwell Automation Allen-Bradley Compact Logix PLC controller. The study was based on a public advisory from the manufacturer, which includes a large list of product families affected by the vulnerability. The hypothesis of the study was that the vulnerability exists in a specific available PLC model that Rockwell Automation includes in the list of affected products. An exploit was developed and multiple tests were performed to trigger the vulnerability. The testing methodology and results indicate that there is sufficient evidence to establish that Rockwell Automation Allen-Bradley Compact Logix 5370 L2 controllers are not affected by the same type of Improper Input Validation vulnerability as the Compact Logix 5370 L3 controllers, as was stated by the manufacturer in a public advisory.
KW - Exploit
KW - ICS
KW - PLC
KW - Security
KW - TCP/IP
KW - Vulnerability
UR - http://www.scopus.com/inward/record.url?scp=85076190501&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-33229-7_30
DO - 10.1007/978-3-030-33229-7_30
M3 - Conference contribution
AN - SCOPUS:85076190501
SN - 9783030332280
T3 - Communications in Computer and Information Science
SP - 355
EP - 364
BT - Telematics and Computing - 8th International Congress, WITCOM 2019, Proceedings
A2 - Mata-Rivera, Miguel Felix
A2 - Zagal-Flores, Roberto
A2 - Barría-Huidobro, Cristian
PB - Springer
T2 - 8th International Congress on Telematics and Computing, WITCOM 2019
Y2 - 4 November 2019 through 8 November 2019
ER -