In this work, we present a fuzzing framework to automatically discover implementation bugs residing in the communication protocols between the supervisory software and the field …

2022年2月22日 · 假设攻击者已经控制了ICS北部一台主机，并且能够监控、拦截、修改ICS内部主机之间的通信，即MITM attack。 Attack Approaches and Consequences 主要通过两种方 …

ICS 3 Fuzzer: A Framework for discovering protocol implementation bugs in supervisory software by fuzzing To help understand the ideas in the paper, and considering the situation of bug fix, …

By performing fuzz testing on four different pieces of supervisory software with the ICS 3 Fuzzer framework, we find 13 memory corruption bugs. All of them have been responsibly reported to …

fuzzing ICS supervisory software is challenging due to the preva-lent use of proprietary protocols. Without the knowledge of the program states and packet formats, it is difficult to enter the …

In this work, we present a fuzzing framework to automatically discover implementation bugs residing in the communication protocols between the supervisory software and the field devices.

We have implemented a prototype and used it to fuzz the supervisory software of four popular ICS platforms. We have found 13 bugs and received 3 CVEs, 2 are classified as critical (CVSS3.x …

2021年12月6日 · This work presents a fuzzing framework to automatically discover implementation bugs residing in the communication protocols between the supervisory …

ICS$^3$fuzzer: A framework for discovering protocol implementation bugs in ics supervisory software by fuzzing Dongliang Fang , Zhanwei Song , Le Guan , Puzhuo Liu , Anni Peng , Kai …

2021年12月6日 · In this work, we introduce a symbolic-execution based protocol reverse analysis framework to extract the message format and field type of ICS protocols from real-world PLC …