ICSCORSAIR: HOW I WILL PWN YOUR ERP THROUGH 4-20 MA CURRENT LOOP

ICSCORSAIR: HOW I WILL PWN YOUR ERP THROUGH 4-20 MA CURRENT LOOP

Modern Industrial Control Systems (ICS) are deeply integrated with other parts of corporate networks. Plant Asset Management systems, OPC, and SCADA interconnect low-level devices, such as transmitters, actuators, PLCs, with high-level applications, such as MES and ERP. But, what will happen if you can connect to the line where low-level network protocols (such as HART (FSK over 4-20 mA current loop), FF H1, Profibus DP, Modbus over RS-485, e t.c.) flow? Almost everyone knows that then you can probably affect industrial processes. But, there is something more: from this point, you can attack not only the lowest levels of the network, but also PAS, MES, and even ERP systems!

ICSCorsair is an open hardware tool for auditing low-level ICS protocols. It can communicate with various systems using HART FSK and P8CSK, Foundation Fieldbus H1, Profibus, and Modbus protocols. You can control ICSCorsair via USB cable or remotely over WiFi, Bluetooth, or other wireless connection. Different software will be presented to work with ICSCorsair: Metasploit modules, apps for iOS, and Android, etc.

In this talk, it will be shown how to trigger such vulnerabilities as XXE, DoS, XSS, and others in SCADA, PAS, ERP, and MES systems using only ICSCorsair and the opportunity to connect to low-level ICS protocol line.

Presented by