Accession Number:



Fuzz Testing of Industrial Network Protocols in Programmable Logic Controllers

Descriptive Note:

Technical Report

Corporate Author:

Naval Postgraduate School Monterey United States

Personal Author(s):

Report Date:


Pagination or Media Count:



Daily operations of U.S. Navy afloat and ashore systems are heavily reliant on industrial control systems (ICSs) to manage critical infrastructure services. Programmable logic controllers (PLCs) are vital components in these cyber-physical systems. The industrial network protocols used to communicate between nodes in a control network are complex and vulnerable to a myriad of cyber attacks, as reported by the Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team. This thesis utilizes protocol fuzz testing techniques to investigate potential vulnerabilities in the Allen-Bradley/Rockwell Automation (AB/RA) MicroLogix 1100 PLC through its implementation of the EtherNet/IP, Common Industrial Protocol (CIP), and Programmable Controller Communication Commands (PCCC) communication protocols. This research also examines whether cross-generational vulnerabilities exist in the more advanced AB/RA ControlLogix 1756-L71 PLC. Our results reveal several deviations from the EtherNet/IP and PCCC specifications in the MicroLogix 1100 implementation of these protocols. Additionally, we find that a recently disclosed denial-of-service vulnerability that renders the MicroLogix 1100 inoperable does not trigger a similar fault condition in the ControlLogix PLC.

Subject Categories:

  • Computer Programming and Software

Distribution Statement: