Industrial Protocol Gateways Under Analysis, presented at Black Hat USA 2020

by Marco ‘embyte’ Balduzzi

Summary: With the development of Industry 4.0, legacy devices like serial control servers or PLCs often need to be interconnected to modern IT networks, or to the Internet (e.g. cloud providers). To address this need, protocol gateways enable the conversion of ICS protocols, for example to connect an IP-based network to one or more serial devices, and vice versa. While previous research has shown that protocol gateways may suffer from local operating-system vulnerabilities, it is not clear to what extent protocol conversion is resilient to attacks or abuse. To answer such questions, we conducted a cross-vendor security evaluation of five popular gateways and discovered several classes of security problems that, when leveraged by adversaries, can damage or negatively impact the operation of industrial facilities. Through our collaboration with a major bug bounty program, we reported nine 0-day vulnerabilities, and we are currently working with the affected vendors to improve the current situation. In this talk, we share the results of our research and discuss the impact of the problems that we identified and potential countermeasures. This is joint work with colleagues Philippe Lin, Ryan Flores, Charles Perine, Rainer Vosseler and external researcher Luca Bongiorni.