»Serial-Killer: Security Analysis of Industrial Serial Device Servers«
2018-10-18, 16:00–16:45, Europe

In this talk, I present the results of a security analysis of industrial serial-to-ethernet converters. I identified multiple flaws in the TCP/IP stack, authentication and configuration system of different serial-to-ethernet converters, which can be exploited to run arbitrary code or to make these devices inoperable.

On the 23rd of December, 2015, parts of Western Ukraine had no power. This lasted for several hours and affected approximately 225,000 Ukrainian people in three different service territories. The power companies later confirmed this was a network attack against their SCADA network. An investigation after the incidents from 2015 revealed that the attackers also targeted field devices, such as serial-to-ethernet converters [1].

Serial connections may seem outdated; however, they are still used in critical infrastructure and in industrial manufacturing plants. To have the comfort of a modern TCP/IP network, serial-to-ethernet converters are often used to create a bridge to devices that have a serial interface. Considering where they are deployed, it is important to take a look at how secure these devices are.

In this talk, I present the results of a security analysis of industrial serial-to-ethernet converters. I identified multiple flaws (CVE-2018-8865, CVE-2018-8869, CVE-2017-16719, CVE-2017-16715 and CVE-2017-14028) in the TCP/IP stack, authentication and configuration system of different serial-to-ethernet converters, which can be exploited to run arbitrary code or to make these devices inoperable.

References

[1] Lee, R. M., Assante, M. J., and Conway, T. TLP: White Analysis of the Cyber Attack on the Ukrainian Power Grid. Tech. rep., E-ISAC, Mar. 2016.