Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis

Published: 2022-06-26  Source site: 脚本宝典


  • 1. Abstract
  • 2. Introduction
    • (1) PLC Memory Structure
    • (2) Protocol Structure
    • (3) FTP/Web Services
  • 3. Experimental Evaluation
    • (1) Experimental Design
    • (2) Attack Tests
      • 1) Replay Attack
      • 2) Memory Modulation Attack
      • 3) FTP/Web Service Account Theft Attack
    • (3) Vulnerability Definitions
  • 4. Conclusion


In this study, a vulnerability analysis was performed on the XGB PLC, which uses the XGT and GLOFA protocols developed specifically by its manufacturer. Security vulnerabilities were identified by analyzing the PLC's network protocols and memory structure, and these vulnerabilities were then used to launch replay attacks, memory modulation attacks, and FTP/Web service account theft in order to verify the findings. The results show that these attacks can cause the PLC to malfunction and be disabled, and the vulnerabilities found were defined.







The XGB PLC has two types of Ethernet protocol: the XGT protocol, used for communication between the HMI and the PLC, and the GLOFA protocol, used for communication between XG5000 and the PLC. Network attacks on ICS mainly target the EWS, which performs the overall programming and management of the control devices in the ICS; gaining control of the EWS means full control of the ICS. Therefore, this study analyzes the GLOFA protocol in order to attack the communication between the EWS and the PLC, and the packets used for the analysis are those carrying run/stop commands sent from XG5000 to the PLC. The GLOFA protocol communicates on port number 2002, and XG5000 connects to the PLC through a TCP three-way handshake. Once the handshake completes, the GLOFA protocol shown in Figure 1 is used to transfer the PLC's basic information and establish the initial connection.
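Because the GLOFA engineering channel on TCP port 2002 is meant to be used only by the XG5000 workstation, a defender can check flow records for sessions to the PLC's engineering and FTP/Web service ports that come from any other host. The following is an added example, not code from the paper or its authors; the IP addresses, log lines and site policy are constructed, the GLOFA port comes from the text, and FTP/HTTP on ports 21/80 is an assumption.

```python
"""Flow-record allowlist check for XGB PLC service traffic (added example).

Flags TCP sessions to the PLC's GLOFA port (2002, from the paper) and to its
FTP/Web services (ports 21/80, assumed standard ports) that do not originate
from the authorised hosts. All addresses and log lines are constructed.
"""
from collections import Counter

PLC_IP = "192.168.10.50"        # constructed
EWS_IP = "192.168.10.10"        # host running XG5000 (constructed)
HMI_IP = "192.168.10.20"        # constructed

# Which source hosts may open each PLC service (assumed site policy).
ALLOWED_SOURCES = {
    2002: {EWS_IP},             # GLOFA: engineering software only
    21: {EWS_IP},               # FTP service on the PLC
    80: {EWS_IP, HMI_IP},       # Web service on the PLC
}

# Constructed connection records: ts src_ip src_port dst_ip dst_port proto
SAMPLE_LOG = """\
1655000001.1 192.168.10.10 51000 192.168.10.50 2002 tcp
1655000002.3 192.168.10.20 51001 192.168.10.50 80 tcp
1655000003.9 192.168.10.77 40001 192.168.10.50 2002 tcp
1655000004.0 192.168.10.77 40002 192.168.10.50 21 tcp
1655000005.2 192.168.10.10 51002 192.168.10.50 2002 tcp
1655000006.4 192.168.10.77 40003 192.168.10.60 2002 tcp
"""

def parse_conn(line):
    """Split one whitespace-separated flow record into typed fields."""
    ts, src, sport, dst, dport, proto = line.split()
    return {"ts": float(ts), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "proto": proto}

def find_unauthorised(log_text):
    """Return (ts, src, dport) for PLC service sessions from non-allowlisted hosts."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_conn(line)
        if rec["dst"] != PLC_IP or rec["proto"] != "tcp":
            continue                      # only sessions aimed at this PLC
        allowed = ALLOWED_SOURCES.get(rec["dport"])
        if allowed is not None and rec["src"] not in allowed:
            alerts.append((rec["ts"], rec["src"], rec["dport"]))
    return alerts

def offenders(log_text):
    """Count alerts per source host so triage can start with the noisiest one."""
    return Counter(src for _, src, _ in find_unauthorised(log_text))
```

Traffic to a different PLC (the last record) is deliberately ignored here; in practice the allowlist would be keyed by PLC address as well.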








Table 3: Experimental setup


(2) Attack Tests










Table 4: Definitions of the vulnerabilities on the PLC



In this study, the vulnerabilities of PLCs deployed in ICS were analyzed to determine the feasibility of attacks. The feasibility of exploiting these vulnerabilities was confirmed, and the vulnerabilities requiring improvement were defined on the basis of the experimental results; both identifying the vulnerabilities and verifying the attacks help field operators develop countermeasures. Future research will focus on analyzing and studying issues in the operating environment of programmable logic controllers by analyzing vulnerabilities and launching attacks, and we will also study the protection measures previously proposed for these vulnerabilities.




