SIMonline

Service receive & sending SMS

DoS attack on PLC can disrupt physical processes

82   |     /   Security
DoS attack on PLC can disrupt physical processes
The research team has demonstrated an interesting type of denial of service (DoS) attack on programmable logic controllers (PLCs), where network overflows can disrupt the physical process controlled by the device.



sim online is a virtual number rental service, now it has become even easier to receive SMS to Ukrainian numbers.

Last year, a group of researchers from the German universities of Hochschule Augsburg and Freie Universität Berlin published an article entitled “While you doze, you lose: measuring PLC cycle times under attack”. ICS-CERT in the United States released recommendations this week showing what each affected seller said or did in response to a flaw.

A security vulnerability identified as CVE-2019-10953 has been classified as “high severity” (CVSS 7.5) - industry cybersecurity professionals often warn that DoS attacks have a much greater impact in the case of industrial systems than with IT systems.

PLCs are vulnerable to DoS attacks. The attack targets the PLC cycle time. The PLC operates in four phases of the cycle: it reads input data (for example, sensors), executes its program, performs diagnostic and communication tasks, and writes output data. The time required to complete this cycle is called the cycle time, which is usually 1 to 10 milliseconds.

Researchers have shown that specially designed network traffic destined for PLCs can affect this synchronization, which can lead to disruptions in the real physical process controlled by the PLCs.

“PLCs react very differently, some have completely stopped updating their outputs, others have slowed down,” said Matthias Niedermeier, one of the researchers at Hochschule Augsburg participating in this project.

Other researchers previously suggested that network traffic can influence processes controlled by industrial control systems (ICS), and experiments conducted by Hochschule Augsburg and Freie Universität Berlin experts on 16 devices from six vendors demonstrated its practical operation. They noted that attacks were carried out - as far as possible - against PLCs working with default configurations.

An attack can be launched either from the Internet (if the target device is open to the Internet), or from a compromised device on the same network as the target PLC (including another PLC). Experts noted that the attacker does not need to have specific knowledge about the real process controlled by the PLC or the program executed on it.

This type of DoS attack is interesting in that although it targets the network side of the PLC, it actually targets the electrical side (i.e., the process controlled by the PLC) rather than the network connection.

It seems that only one of the tested devices was not vulnerable to network overflow attacks. However, only one vendor has released genuine patches.

The suppliers whose products have been tested are ABB, Phoenix Contact, Schneider Electric, Siemens and WAGO. According to ICS-CERT, only Schneider Electric has released patches for its Modicon M221 and EcoStruxure Machine Expert products. ABB said that attacks were possible because its product remained in default configuration during the attack, and Phoenix Contact said that its new products were not affected; the company does not release patches for older products and encourages customers to take measures to reduce risk.

Siemens said this was not a vulnerability in its products, and WAGO said it was a known issue for some devices and recommended remedies.

“Since almost all manufacturers are affected in one way or another, it was difficult to find a good solution here, and thus the process took a long time,” Niedermeier explained. “Personally, I believe that this topic requires further study by the manufacturer, since there is feedback from network traffic to the real physical process. We, as researchers, have only a few devices and cannot investigate a huge number of PLCs. ”

Similar news


New Edge Web Browser for Test Drive

Last December, Microsoft made an amazing discovery. The company was rebuilding its application to improve web browsing in Windows 10 - Edge - from scratch. Surprise turned to distrust when Microsoft announced that the new Edge would be built using the same code as Google Chrome.

Disadvantages of VMware Patches

Security updates released by VMware for its vCloud Director, ESXi, Workstation, and Fusion products fix several vulnerabilities, including recently discovered at the Pwn2Own 2019 hacker competition.

Vulnerability of PowerFlex AC Drives

Rockwell Automation Allen Bradley PowerFlex 525 AC drives are subject to critical denial of service (DoS) vulnerabilities that allow hackers to gain control of devices.



SIMONLINE.SU

This is not only a service for receiving and sending SMS messages to virtual numbers, but also a tutorial on user safety in the modern world, the latest developments in IT, social media security, fresh programs and lessons that simplify our lives. So are other issues encountered by the average user. In simple words, each user will find for themselves something interesting or answers to their questions.

SIMonline © 2020

All rights reserved