
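@comment{
  cmc.2020.011251: journal article reporting a vulnerability analysis of the
  XGB PLC based on its network protocols and memory structure. Per the
  abstract, the findings were verified with a replay attack, a memory
  modulation attack, and FTP/Web service account theft.
  Maintenance notes:
  - Authors are stored as "Last, First" joined by "and"; a comma-separated
    list is not split into individual names by BibTeX.
  - The acronym PLC is braced in the title so sentence-casing styles keep it
    upper-case.
  - The url field is the plain-http address as published; the doi field is
    the stable identifier to resolve.
}
@article{cmc.2020.011251,
  author   = {Lee, Joo-Chan and Choi, Hyun-Pyo and Kim, Jang-Hoon and Kim, Jun-Won and Jung, Da-Un and Shin, Ji-Ho and Seo, Jung-Taek},
  title    = {Identifying and Verifying Vulnerabilities through {PLC} Network Protocol and Memory Structure Analysis},
  journal  = {Computers, Materials \& Continua},
  volume   = {65},
  number   = {1},
  pages    = {53--67},
  year     = {2020},
  issn     = {1546-2226},
  doi      = {10.32604/cmc.2020.011251},
  url      = {http://www.techscience.com/cmc/v65n1/39553},
  abstract = {Cyberattacks on the Industrial Control System (ICS) have recently been
increasing, made more intelligent by advancing technologies. As such, cybersecurity for
such systems is attracting attention. As a core element of control devices, the
Programmable Logic Controller (PLC) in an ICS carries out on-site control over the ICS. A
cyberattack on the PLC will cause damages on the overall ICS, with Stuxnet and Duqu as
the most representative cases. Thus, cybersecurity for PLCs is considered essential, and
many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of
preemptive efforts against attacks. In this study, a vulnerability analysis was conducted on
the XGB PLC. Security vulnerabilities were identified by analyzing the network protocols
and memory structure of PLCs and were utilized to launch replay attack, memory
modulation attack, and FTP/Web service account theft for the verification of the results.
Based on the results, the attacks were proven to be able to cause the PLC to malfunction
and disable it, and the identified vulnerabilities were defined.},
}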



