Fuzzing the S7 network protocol Methodology for security evaluation of Industrial Control Systemsthrough fuzz testing Programmable Logical Controllersoperating with the Siemens S7 network protocol

Abstract

Industrial control systems (ICS) have recently become targets of malicious agents, as demonstrated by the Stuxnet malware, which targeted Siemens programmable logic controllers (PLCs) operating with the Siemens S7 network protocol and successfully infiltrated more than a dozen industrial plants, causing enormous damage to the operating ICS. In an attempt to bring attention to the problems of ICSs security and to ease vulnerability discovery in ICSs operating with equipment manufactured by Siemens, this thesis aims to evaluate the S7 implementation in PLCs through fuzz testing approaches. The thesis further documents the methodology used, so that it can be applied to similar industrial protocols in the future. The execution results shows that network fuzzing is able to successfully cause unwanted behaviour deviations in the target thus rendering it unstable and potentially causing negative impact on the ICS. Those results further indicate the seriousness of the problem by demonstrating how an attacker could possibly disrupt the normal work of ICS by performing fuzz testing through remote execution towards it, which in a real world scenario can lead to severe economical, social and environmental consequences, depending on the process of which the fuzzed target is in control and the amount of targets being fuzzed. This thesis further aims to urge vendors into actions, as the consequences of a compromised ICS can cause enormous impact on a global scale.