Blog
About

  • Record: found
  • Abstract: found
  • Article: found
Is Open Access

SimaticScan: Towards A Specialised Vulnerability Scanner for Industrial Control Systems

1 , 1 , 1 , 1

4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR)

Cyber Security Research

23 - 25 August 2016

industrial control systems, vulnerability scanner, programmable logic controllers

Read this article at

Bookmark
      There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

      Abstract

      Over the years, modern Industrial Control Systems (ICS) have become widely computerised and connected via the Internet and are, therefore, potentially vulnerable to cyber attacks. Currently there is a lack of vulnerability scanners specialised to ICS settings. Systems such as PLCScan and ModScan output pertinent information from a Programmable Logic Controller (PLC). However, they do not offer any information as to how vulnerable a PLC is to an attack. In this paper, we address these limitations and propose SimaticScan, a vulnerability scanner specialised to Siemens SIMATIC PLCs. Through experimentation in a comprehensive water treatment testbed, we demonstrate SimaticScan’s effectiveness in determining a range of vulnerabilities across three distinct PLCs, including a previously unknown vulnerability in one of the PLCs. Our experiments also show that SimaticScan outperforms the widely used Nessus vulnerability scanner (with relevant ICS-specific plugins deployed).

      Related collections

      Most cited references 9

      • Record: found
      • Abstract: not found
      • Article: not found

      Exploiting siemens simatic s7 plcs

       D Beresford (2011)
        Bookmark
        • Record: found
        • Abstract: not found
        • Article: not found

        Aspfuzz: A state-aware protocol fuzzer based on application-layer protocols

          Bookmark
          • Record: found
          • Abstract: not found
          • Article: not found

          Nessus plugin id 51192

           T. Security (2015)
            Bookmark

            Author and article information

            Affiliations
            Security Lancaster Research Centre Lancaster University Lancaster LA1 4WA UK security-centre.lancs.ac.uk
            Contributors
            Conference
            October 2016
            October 2016
            : 11-18
            10.14236/ewic/ICS2016.2
            © Antrobus et al. Published byBCS Learning & Development Ltd.Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            4th International Symposium for ICS & SCADA Cyber Security Research 2016
            ICS-CSR
            4
            Queen’s Belfast University, UK
            23 - 25 August 2016
            Electronic Workshops in Computing (eWiC)
            Cyber Security Research
            Product
            Product Information: 1477-9358 BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            Comments

            Comment on this article