Corban Villa (New York University Abu Dhabi), Constantine Doumanidis (New York University Abu Dhabi), Hithem Lamri (New York University Abu Dhabi), Prashant Hari Narayan Rajput (InterSystems), Michail Maniatakos (New York University Abu Dhabi)

Industrial Control Systems (ICS) ensure the automation and safe operation of critical industry, energy, and commerce processes. Despite its importance, ICS code often cannot be evaluated as rigorously as software on traditional computing platforms, as existing code evaluation tools cannot readily interface with the closed ICS ecosystem. Moreover, the use of domain-specific languages, the lack of open and extensible compilers, and the deficiency of techniques developed for ICS-specific nuances, among other challenges, hinder the creation of specialized tools. This paper addresses these challenges by introducing ICSQuartz, the first native fuzzer for IEC 61131-3 Structured Text (ST), a standardized Programmable Logic Controller (PLC) programming language. Native support eliminates the necessity of any vendor or architecture-specific requirements.

ICSQuartz outperforms the fastest state-of-the-art fuzzers in the ICS space by textit{more than an order of magnitude in executions per second}. In addition to natively fuzzing ST code, we introduce novel mutation strategies to ICSQuartz that uncover vulnerabilities due to the scan cycle architecture of ST programs--a nuance that traditional fuzzers do not consider. Using ICSQuartz, we perform the first large-scale fuzzing campaign of real-world ICS libraries, resulting in multiple vulnerability disclosures and bug fixes. In addition to vulnerabilities, ICSQuartz discovered a bug in an open-source ST compiler. These findings underscore the imperative impact of ICSQuartz in the ICS domain.

View More Papers

Impact Tracing: Identifying the Culprit of Misinformation in Encrypted...

Zhongming Wang (Chongqing University), Tao Xiang (Chongqing University), Xiaoguo Li (Chongqing University), Biwen Chen (Chongqing University), Guomin Yang (Singapore Management University), Chuan Ma (Chongqing University), Robert H. Deng (Singapore Management University)

Read More

Cellular Metasploit

Dr. Yongdae Kim, Director, KAIST Chair Professor, Electrical Engineering and GSIS, KAIST

Read More

EAGLEYE: Exposing Hidden Web Interfaces in IoT Devices via...

Hangtian Liu (Information Engineering University), Lei Zheng (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Shuitao Gan (Laboratory for Advanced Computing and Intelligence Engineering), Chao Zhang (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Zicong Gao (Information Engineering University), Hongqi Zhang (Henan Key Laboratory of Information Security), Yishun Zeng (Institute for Network Sciences…

Read More

The (Un)usual Suspects – Studying Reasons for Lacking Updates...

Maria Hellenthal (CISPA Helmholtz Center for Information Security), Lena Gotsche (CISPA Helmholtz Center for Information Security), Rafael Mrowczynski (CISPA Helmholtz Center for Information Security), Sarah Kugel (Saarland University), Michael Schilling (CISPA Helmholtz Center for Information Security), Ben Stock (CISPA Helmholtz Center for Information Security)

Read More