With the advent of the fourth industrial revolution, Programmable Logic Controllers (PLCs) used as field devices have been growing in sophistication, offering extensive smart features such as remote connectivity, support for standardized cryptography, and visualization. Such computational platforms incorporate components from various sources (vendor, platform provider, open source), bringing along their associated vulnerabilities. This, combined with the increasing reliance on Industrial Internet of Things (IIoT) devices for automation and feedback, has opened previously isolated networks to remote attacks. Furthermore, modern PLCs often run commodity software such as Linux on ARM, further expanding the threat surface towards traditional vulnerabilities. Security analysis of Operational Technology (OT) software, specifically the control runtime and IEC applications, remains relatively unexplored due to its proprietary nature. In this work, we implement FieldFuzz, a methodology for discovering supply chain vulnerabilities in every PLC component using stateful black-box fuzzing, without requiring a real device. FieldFuzz is built on the Codesys v3 protocol, making it applicable to at least 80 industrial device vendors and over 400 devices. Fuzzing campaigns uncovered multiple vulnerabilities, leading to three reported CVE IDs. To study the cross-platform applicability of FieldFuzz, we reproduce the findings on a diverse set of Industrial Control System (ICS) devices, showing a significant improvement over the state of the art.