
Electronic data

  • SimaticScan_camera_ready

    Accepted author manuscript, 615 KB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License


SimaticScan: towards a specialised vulnerability scanner for industrial control systems

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN; Conference contribution/Paper; peer-reviewed

Published

Standard

SimaticScan: towards a specialised vulnerability scanner for industrial control systems. / Antrobus, Rob; Frey, Sylvain; Green, Benjamin et al.
Proceedings 4th International Symposium for ICS & SCADA Cyber Security Research. BCS, 2016.


Harvard

Antrobus, R, Frey, S, Green, B & Rashid, A 2016, SimaticScan: towards a specialised vulnerability scanner for industrial control systems. in Proceedings 4th International Symposium for ICS & SCADA Cyber Security Research. BCS. https://doi.org/10.14236/ewic/ICS2016.2

APA

Antrobus, R., Frey, S., Green, B., & Rashid, A. (2016). SimaticScan: towards a specialised vulnerability scanner for industrial control systems. In Proceedings 4th International Symposium for ICS & SCADA Cyber Security Research. BCS. https://doi.org/10.14236/ewic/ICS2016.2

Vancouver

Antrobus R, Frey S, Green B, Rashid A. SimaticScan: towards a specialised vulnerability scanner for industrial control systems. In Proceedings 4th International Symposium for ICS & SCADA Cyber Security Research. BCS. 2016. doi: 10.14236/ewic/ICS2016.2

Author

Antrobus, Rob; Frey, Sylvain; Green, Benjamin et al. / SimaticScan: towards a specialised vulnerability scanner for industrial control systems. Proceedings 4th International Symposium for ICS & SCADA Cyber Security Research. BCS, 2016.

Bibtex

@inproceedings{bf4958106c044b20b25355213efd735f,
title = "SimaticScan: towards a specialised vulnerability scanner for industrial control systems",
abstract = "Over the years, modern Industrial Control Systems (ICS) have become widely computerised and connected via the Internet and are, therefore, potentially vulnerable to cyber attacks. Currently there is a lack of vulnerability scanners specialised to ICS settings. Systems such as PLCScan and ModScan output pertinent information from a Programmable Logic Controller (PLC). However, they do not offer any information as to how vulnerable a PLC is to an attack. In this paper, we address these limitations and propose SimaticScan, a vulnerability scanner specialised to Siemens SIMATIC PLCs. Through experimentation in a comprehensive water treatment testbed, we demonstrate SimaticScan{\textquoteright}s effectiveness in determining a range of vulnerabilities across three distinct PLCs, including a previously unknown vulnerability in one of the PLCs. Our experiments also show that SimaticScan outperforms the widely used Nessus vulnerability scanner (with relevant ICS-specific plugins deployed).",
author = "Rob Antrobus and Sylvain Frey and Benjamin Green and Awais Rashid",
year = "2016",
month = aug,
day = "23",
doi = "10.14236/ewic/ICS2016.2",
language = "English",
booktitle = "Proceedings 4th International Symposium for ICS & SCADA Cyber Security Research",
publisher = "BCS",
}

RIS

TY - GEN

T1 - SimaticScan

T2 - towards a specialised vulnerability scanner for industrial control systems

AU - Antrobus, Rob

AU - Frey, Sylvain

AU - Green, Benjamin

AU - Rashid, Awais

PY - 2016/8/23

Y1 - 2016/8/23

N2 - Over the years, modern Industrial Control Systems (ICS) have become widely computerised and connected via the Internet and are, therefore, potentially vulnerable to cyber attacks. Currently there is a lack of vulnerability scanners specialised to ICS settings. Systems such as PLCScan and ModScan output pertinent information from a Programmable Logic Controller (PLC). However, they do not offer any information as to how vulnerable a PLC is to an attack. In this paper, we address these limitations and propose SimaticScan, a vulnerability scanner specialised to Siemens SIMATIC PLCs. Through experimentation in a comprehensive water treatment testbed, we demonstrate SimaticScan’s effectiveness in determining a range of vulnerabilities across three distinct PLCs, including a previously unknown vulnerability in one of the PLCs. Our experiments also show that SimaticScan outperforms the widely used Nessus vulnerability scanner (with relevant ICS-specific plugins deployed).

AB - Over the years, modern Industrial Control Systems (ICS) have become widely computerised and connected via the Internet and are, therefore, potentially vulnerable to cyber attacks. Currently there is a lack of vulnerability scanners specialised to ICS settings. Systems such as PLCScan and ModScan output pertinent information from a Programmable Logic Controller (PLC). However, they do not offer any information as to how vulnerable a PLC is to an attack. In this paper, we address these limitations and propose SimaticScan, a vulnerability scanner specialised to Siemens SIMATIC PLCs. Through experimentation in a comprehensive water treatment testbed, we demonstrate SimaticScan’s effectiveness in determining a range of vulnerabilities across three distinct PLCs, including a previously unknown vulnerability in one of the PLCs. Our experiments also show that SimaticScan outperforms the widely used Nessus vulnerability scanner (with relevant ICS-specific plugins deployed).

U2 - 10.14236/ewic/ICS2016.2

DO - 10.14236/ewic/ICS2016.2

M3 - Conference contribution/Paper

BT - Proceedings 4th International Symposium for ICS & SCADA Cyber Security Research

PB - BCS

ER -