Identifying EtherNet/IP Stacks For ICS Research With An Open Source Tool

0
127

Security researchers, operational technology (OT) experts, and asset owners may find the new “EtherNet/IP & CIP Stack Detector” tool handy, according to the company. EtherNet/IP (ENIP) is a network protocol for industrial applications that implements the Common Industrial Protocol (CIP). ENIP is frequently utilised in industrial automation and process control applications. Claroty experts have worked on projects concentrating on the security of ENIP stacks in the past few years and discovered vulnerabilities that could put industrial control systems at risk (ICS).

This open source tool, according to Claroty, may be used to identify and classify the use of third-party ENIP stack code, allowing businesses to better understand their exposure to vulnerabilities found in these stacks. Many industrial firms may not be aware that they are exposed to assaults, according to the cybersecurity firm’s research, because many commercial goods do not clearly indicate the third-party components they employ. Situations like this have sparked debate over the need for SBOMs (software bill of materials). The open source utility can also be used for other purposes. It can be used by researchers to find linked industrial devices and the ENIP stacks they employ.

“The tool would allow researchers to classify groups of devices running the same ENIP stack, and understand the scale of vulnerabilities and affected devices,” Claroty said. Researchers can also utilise it to strengthen their ICS honeypots, making it harder for attackers to figure out if the system they’re attacking is a honeypot. Claroty has utilised the technology to discover ENIP stacks and categorise related implementations in its own study.

RTAutomation, CPPPO, OpENer, and several Rockwell stacks are now supported by the tool. The updated EtherNet/IP & CIP Stack Detector’s source code is available on GitHub. Claroty has previously provided open source tools for examining Microsoft Access database files connected with SCADA applications and for the Urgent/11 vulnerabilities.

LEAVE A REPLY

Please enter your comment!
Please enter your name here