Abstract

Fuzzing has become an important approach in recent years for detecting vulnerabilities in industrial control systems and their network protocols. Traditional fuzzing methods suffer from low efficiency and blindness. To address this problem, we have developed an improved fuzzing method based on exception field positioning. The method adds a positioning phase to the testing procedure. We have established a field attribute set model of the Modbus protocol and combined it with an attribute reduction algorithm to locate the key fields that trigger potential vulnerabilities. The algorithm links the observed effects of the test cases back to the fields responsible for them, so that the test cases can be adjusted toward a more guided testing procedure instead of plain random testing. In the simulation experiment, the developed fuzzing method discovered certain vulnerabilities in Modbus TCP, including an original vulnerability that has been submitted to the China National Vulnerability Database.
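As an added illustration of the positioning phase (example code, not the paper's implementation), the sketch below maps Modbus TCP request fields to categorical attributes, derives the decision from whether the reply is an exception response, and runs a greedy rough-set reduct to keep only the fields that explain the anomalous outcomes. The attribute categories, the constructed request/response pairs and the dependency-degree reduct are assumptions; the paper does not state which reduction algorithm it uses.

```python
import struct
from collections import defaultdict

KNOWN_FUNCS = {1, 2, 3, 4, 5, 6, 15, 16}  # public function codes the model treats as known

def field_attributes(frame: bytes) -> dict:
    """Map a Modbus TCP request (MBAP header + PDU) to categorical field attributes."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto_id, length, unit_id, func = struct.unpack(">HHHBB", frame[:8])
    return {
        "proto_id": "ok" if proto_id == 0 else "bad",
        "length": "ok" if length == len(frame) - 6 else "bad",  # counts unit id + PDU
        "unit_id": "ok" if unit_id <= 247 else "reserved",
        "func": "known" if func in KNOWN_FUNCS else "unknown",
        "data_len": "ok" if len(frame) - 8 >= 4 else "short",
    }

def outcome(response: bytes) -> str:
    """Decision attribute: an exception reply sets bit 7 of the echoed function code;
    an empty reply (timeout / closed connection) is treated as anomalous as well."""
    return "anomalous" if len(response) < 8 or response[7] & 0x80 else "normal"

def dependency(table, attrs):
    """Rough-set dependency degree: share of rows whose values on attrs fix the decision uniquely."""
    seen = defaultdict(set)
    for conds, decision in table:
        seen[tuple(conds[a] for a in attrs)].add(decision)
    return sum(len(seen[tuple(c[a] for a in attrs)]) == 1 for c, _ in table) / len(table)

def reduct(table, attrs):
    """Greedy reduct: drop each attribute whose removal leaves the dependency degree
    unchanged. As with any greedy reduction, the result depends on attribute order."""
    target, keep = dependency(table, attrs), list(attrs)
    for a in attrs:
        trial = [x for x in keep if x != a]
        if trial and dependency(table, trial) == target:
            keep = trial
    return keep

# Constructed request/response pairs (illustrative, not captured traffic).
SAMPLES = [
    (bytes.fromhex("00010000000601030000000a"), bytes.fromhex("0001000000050103020000")),  # normal read
    (bytes.fromhex("000200000006012a0000000a"), bytes.fromhex("00020000000301aa01")),      # unknown function
    (bytes.fromhex("00030000000401030000"),     bytes.fromhex("000300000003018303")),      # truncated data
    (bytes.fromhex("000400000006fa030000000a"), bytes.fromhex("000400000005fa03020000")),  # reserved unit id, still answered
    (bytes.fromhex("00050000001001030000000a"), b""),                                      # wrong length field, no reply
    (bytes.fromhex("00060000000601030000000a"), bytes.fromhex("0006000000050103020000")),  # normal read
    (bytes.fromhex("000700000006fa2a0000000a"), bytes.fromhex("000700000003faaa01")),      # reserved unit id + unknown function
]

def locate_key_fields(samples=SAMPLES):
    """Return the fields whose attribute values explain every anomalous outcome."""
    table = [(field_attributes(req), outcome(resp)) for req, resp in samples]
    return reduct(table, ["proto_id", "length", "unit_id", "func", "data_len"])
```

On the constructed samples the reduct keeps `length`, `func` and `data_len` and drops `proto_id` and `unit_id`, which never changed the outcome; later test cases would then concentrate mutations on the retained fields.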
