Abstract

Industrial Control Systems (ICS) are transitioning from isolated, custom-built systems to ones that combine general-purpose computer hosts, wireless networks, and artificial intelligence. The growing number of vulnerabilities in ICS devices is a major concern, since it gives potential adversaries a simple route to exploit and attack unpatched ICS. This paper investigates attack paths that target unpatched system vulnerabilities and their impact on the ICS, demonstrated on a Waste Water Treatment Plant (WWTP) testbed. Denial of Service (DoS), buffer overflow, privilege escalation, and illegal command injection attacks are executed, and their impact is assessed using CIA and STRIDE threat modeling. The main outcomes of the study are: 1) an update to the public advisory CVE-2021-33834 by Moxa; 2) a demonstration of an attack on one device using the publicly available Proof of Concept (PoC) for a Modbus buffer overflow vulnerability in a different device. Finally, recommendations are provided that can be used in security penetration testing to identify security flaws, together with directions for product developers to implement security by design.
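The buffer overflow and illegal command injection attacks named above both reach the device as Modbus/TCP requests, so a practical first defence, and a useful check during a penetration test, is a request validator in front of the PLC or gateway. The following is an added example, not code from the paper or the WWTP testbed: it parses the Modbus/TCP MBAP header, rejects frames whose length or byte-count fields disagree with the bytes actually received (one common shape that overflows a stack which trusts the header rather than the wire), and refuses write function codes from hosts outside an allowlist. The host addresses, register values and sample frames are constructed here for illustration.

```python
"""Validate Modbus/TCP requests before they reach a PLC or gateway.

Two checks, matching the attack classes in the abstract:
  * structural consistency (MBAP length, byte count vs. quantity) rejects the
    malformed frames that trigger buffer overflows in naive Modbus stacks;
  * a source allowlist for write function codes rejects illegal command
    injection from hosts that should only ever read process values.
All addresses and frames below are constructed for this example.
"""
import struct
from dataclasses import dataclass
from typing import Optional, Set

MBAP_LEN = 7               # transaction id(2) + protocol id(2) + length(2) + unit id(1)
MODBUS_PROTOCOL_ID = 0     # always zero for Modbus/TCP
MAX_ADU_LEN = 260          # 7-byte MBAP + 253-byte PDU maximum
MAX_WRITE_REGISTERS = 123  # limit for function 0x10 (Write Multiple Registers)

WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x17: "Read/Write Multiple Registers",
}


@dataclass
class Verdict:
    accepted: bool
    reason: str
    function_code: Optional[int] = None


def check_request(frame: bytes, src_ip: str, allowed_writers: Set[str]) -> Verdict:
    """Return whether `frame` (one Modbus/TCP ADU from `src_ip`) should be forwarded."""
    if len(frame) < MBAP_LEN + 1:
        return Verdict(False, "frame shorter than MBAP header plus function code")
    if len(frame) > MAX_ADU_LEN:
        return Verdict(False, f"frame of {len(frame)} bytes exceeds the 260-byte ADU limit")

    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != MODBUS_PROTOCOL_ID:
        return Verdict(False, f"unexpected protocol id 0x{proto:04x}")
    # The MBAP length field counts unit id + PDU, i.e. everything after the first 6 bytes.
    # A stack that trusts this field instead of the bytes actually received can be overflowed.
    actual = len(frame) - 6
    if length != actual:
        return Verdict(False, f"MBAP length {length} disagrees with {actual} bytes present")

    pdu = frame[MBAP_LEN:]
    fc = pdu[0]

    if fc == 0x10:
        # Write Multiple Registers: start(2) quantity(2) byte_count(1) values(byte_count)
        if len(pdu) < 6:
            return Verdict(False, "truncated Write Multiple Registers request", fc)
        _start, qty, byte_count = struct.unpack(">HHB", pdu[1:6])
        if not 1 <= qty <= MAX_WRITE_REGISTERS:
            return Verdict(False, f"register quantity {qty} outside 1..{MAX_WRITE_REGISTERS}", fc)
        if byte_count != 2 * qty or len(pdu) - 6 != byte_count:
            return Verdict(False, "byte count inconsistent with quantity or payload", fc)

    if fc in WRITE_FUNCTIONS and src_ip not in allowed_writers:
        return Verdict(False, f"{WRITE_FUNCTIONS[fc]} from non-allowlisted host {src_ip}", fc)
    return Verdict(True, "ok", fc)


def build_write_registers(tid: int, unit: int, start: int, values) -> bytes:
    """Build a well-formed function 0x10 request (used to construct the samples)."""
    payload = b"".join(struct.pack(">H", v) for v in values)
    pdu = bytes([0x10]) + struct.pack(">HHB", start, len(values), len(payload)) + payload
    return struct.pack(">HHHB", tid, MODBUS_PROTOCOL_ID, 1 + len(pdu), unit) + pdu


# --- constructed sample traffic (assumed addresses, not from the testbed) ---
ENGINEERING_WS = {"10.0.0.5"}  # the only host allowed to issue writes
GOOD_WRITE = build_write_registers(1, 1, 0x0000, [0x1234, 0x5678])
READ_REQUEST = struct.pack(">HHHB", 3, 0, 6, 1) + bytes([0x03]) + struct.pack(">HH", 0, 10)
# Header is self-consistent, but byte_count claims 255 bytes while only 4 follow:
# the shape a naive stack copies into a fixed-size buffer.
OVERSIZED_BYTE_COUNT = (struct.pack(">HHHB", 2, 0, 11, 1) + bytes([0x10])
                        + struct.pack(">HHB", 0, 2, 0xFF) + b"\x12\x34\x56\x78")
# MBAP length lies about how much data follows.
LENGTH_LIE = struct.pack(">HHHB", 4, 0, 200, 1) + GOOD_WRITE[MBAP_LEN:]


if __name__ == "__main__":
    for name, frame, src in [("good write", GOOD_WRITE, "10.0.0.5"),
                             ("read", READ_REQUEST, "10.0.0.77"),
                             ("injected write", GOOD_WRITE, "10.0.0.77"),
                             ("oversized byte count", OVERSIZED_BYTE_COUNT, "10.0.0.5"),
                             ("length lie", LENGTH_LIE, "10.0.0.5")]:
        v = check_request(frame, src, ENGINEERING_WS)
        print(f"{name:22s} accepted={v.accepted} reason={v.reason}")
```

The allowlist is deliberately per source host rather than per function code alone: read-only HMIs and historians still need the read functions, and the "illegal" in illegal command injection is about who issued the write, not whether writes exist. Extending the structural check to 0x0F (Write Multiple Coils, where byte count must equal ceil(quantity / 8)) follows the same pattern.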
