2024-10-22, Europe - Main Room
Inside operational technology (OT) systems, industrial devices communicating over IP may use a wide range of field-specific, manufacturer-dependent or association-promoted industrial network protocols. To understand each other, they sometimes require an additional component, a gateway, to translate between protocols. These nearly invisible devices play a crucial role in the industrial process: if the translation stops, the communication stops, and possibly operations as well. From an attacker's perspective, this means that targeting them may have significant consequences. With this in mind, I assessed the security of a gateway model I often encounter during penetration tests on OT and discovered several vulnerabilities, which have been reported to the manufacturer. Months later, I would like to discuss the many concerns raised by the vulnerabilities themselves and by the disclosure process. This tells us a lot about the current situation, the issues and threats faced by such gateways, how they are and can be addressed, and what it means for OT cybersecurity.
After introducing the very particular world of industrial network protocols and what they are used for, I will walk through a vulnerability research process on a protocol gateway, from discovery to disclosure. The first three vulnerabilities discovered on the tested device will be explained and discussed in light of common industrial operations, the manufacturer's response, customers' remediation options and OT cybersecurity research as a whole.
Claire Vacherot is a pentester and researcher at Orange Cyberdefense France. She likes to test systems and devices that interact with the real world, and her work alternates between penetration testing industrial systems and playing with industrial network protocols. Sometimes she also speaks about all of this at conferences such as GreHack, Defcon or Pass the Salt. As a former software developer, she never misses a chance to write scripts and tools.