论文信息 - Hacking an optics manufacturing machine: You don't see it coming?!

Hacking an optics manufacturing machine: You don't see it coming?!

With more and more industrial devices getting inter-connected the attack surface for cyber attacks is increasing steadily. In this paper the possible approach of an attacker who got access to the office network at the Institute for Precision Manufacturing and High-Frequency Technology (IPH) to attack one of the optic machines that reside in another network segment is presented. Based on known vulnerabilities from the Common Vulnerabilities and Exposures (CVE), like the shellshock exploit or remote code execution with PsExec, for devices identified in the network, an attacker can bypass the firewall between the office network and the laboratory network and get full access to the HMI of the target machine.

Martin Schramm | Robert Wildenauer | Karl Leidl

[1] Wei Qi Yan,et al. An Overview of Penetration Testing , 2014, Int. J. Digit. Crime Forensics.

[2] Maher Salem,et al. Mining Techniques in Network Security to Enhance Intrusion Detection Systems , 2012, ArXiv.

[3] Ryan K. L. Ko,et al. A Global, Empirical Analysis of the Shellshock Vulnerability in Web Applications , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[4] Marjan Gusev,et al. Architecture Of A Identity Based Firewall System , 2011, ArXiv.

[5] LongJuan Wang,et al. Research on the Principle and analysis of Shellshock bug , 2015 .

[6] Rafael Uetz,et al. Software Vulnerability Analysis Using CPE and CVE , 2017, ArXiv.