Protocol gateways are small devices that provide mission-critical command translation between machines, sensors, various actuators, and the computers that run factories, dams, power plants, and industrial plants. These gateways resemble home routers: they also have multiple interfaces connected to different networks, and they are just as vulnerable to a variety of attacks. When such a device fails, communication between the control systems and the machines is lost. Operators cannot see what is happening. In fact, they cannot even tell whether machines, turbines, or generators are operating safely. Even if something is clearly wrong, a failed gateway prevents the operator from issuing commands to start or stop processes.
A similar situation occurred in December 2015 during the attack on the Ukrainian power grid: the attackers gained access to the grid control center and disabled the protocol gateways at the substations by uploading corrupted firmware to them. This blocked every attempt by the utility engineers to restore service, because commands from the control systems to close the circuit breakers could not be transmitted.
In the incident report by SANS ICS (the industrial control systems division of the SANS Institute, a US educational and research organization) and the Electricity Information Sharing and Analysis Center (E-ISAC, a body that brings together participants in the North American electricity market), the corruption of the gateway firmware was called "blowing the bridges". This describes what happened very accurately, because the attackers destroyed the key link: the translators that act as a bridge between the controllers and the substations.
Structure of the interaction between the control network and the execution network. Source (here and below, unless otherwise noted): Trend Micro
Because of this position, a protocol gateway can become the weakest link in the chain of devices at an industrial facility, and an attacker may target such devices for two important reasons:
- Gateways are unlikely to end up in the inventory of critical assets that are monitored by a security agent or a logging system, so an attack is less likely to be noticed.
- Translation problems are hard to diagnose, so flaws in the design of protocol gateways allow advanced attackers to carry out very stealthy attacks.
Types of gateways
By mode of operation, two families of gateways can be distinguished:
- Real-time gateways forward traffic as soon as it becomes available. Each incoming packet is immediately evaluated, translated, and forwarded. Representatives: Nexcom NIO50, Schneider Link 150, Digi One IA;
- Data stations operate asynchronously using an interface mapping table. They do not wait for a read request before fetching data from the connected PLC; instead they regularly request state updates from the PLC and store the received data in an internal cache, from which it is served on demand.
The second important characteristic of protocol gateways is the type of protocols they support and translate. By this property, devices can be grouped into three categories:
- , , , Modbus TCP Modbus RTU, â , ;
- , , , Modbus RTU â Profibus, â , ;
- , , , Modbus TCP â Profibus, â , .
In the study "Lost in Translation: When Industrial Protocol Translation Goes Wrong", we examined the vulnerabilities of the first group of gateways. To do this, we assembled a test bench consisting of the following components:
- a fuzzer that generates incoming traffic for the gateway under test. For example, when testing translation from Modbus TCP to Modbus RTU, the fuzzer generates Modbus TCP test cases;
- the gateway, which is the device under study;
- a simulator, a device that simulates the receiving station, for example a PLC implementing a Modbus RTU slave. It is needed because some protocol gateways may not work correctly when there is no slave device in the chain;
- a sniffer that collects information about the outgoing traffic, that is, about the translated protocol;
- an analyzer of the incoming and outgoing traffic.
Block diagram of the test bench for studying protocol gateway vulnerabilities
The actual test bench
To model the Modbus master node we used the open-source software QModMaster, and to model the slave device we used pyModSlave, adapting it to our needs, such as receiving data from /dev/ttyUSB0.
To capture traffic we used Wireshark for Modbus TCP and IONinja for Modbus RTU. We wrote a special parser to convert the output of these two programs into a common, machine-parsable syntax.
We implemented the fuzzer on top of BooFuzz, adding several modules from the Boofuzz-modbus project, which is distributed under the Apache license. We made the fuzzer portable to various ICS protocols and used it to test several Modbus implementations.
Here are some of the types of attacks we found while examining various protocol gateways:
- attacks on the protocol translator;
- credential reuse and configuration decryption;
- traffic amplification;
- privilege escalation.
Protocol translator attack
Real-time gateways translate packets from one protocol to another by replacing the headers of the source protocol with the headers of the target protocol. Gateways from different vendors handle invalid packets differently. For example, on receiving a packet whose length is specified incorrectly, some of them forward it as is instead of adjusting the length or discarding the packet. This behavior makes it possible to carefully craft a packet with a wrong length for Modbus TCP so that it is still valid after translation to Modbus RTU. Moreover, when it is read as a Modbus RTU packet, it has a completely different meaning from its Modbus TCP equivalent.
Attack packet: in Modbus TCP it contains a command to read a register, but in Modbus RTU it is already a command to write several bit cells.
When this packet is parsed with Modbus TCP semantics, it is interpreted as a command to read input registers (function code 04) from the unit with ID = 3. With Modbus RTU semantics, however, it is interpreted as writing multiple bit cells (function code 15, hex 0F) to the unit with ID = 1.
This vulnerability is critical because a completely harmless read request turns into a write command, since the protocol gateway does not process the packet correctly. An advanced attacker could exploit this vulnerability to bypass a specialized industrial firewall that blocks write commands from IP addresses that are not on the whitelist.
As a result, a single command is enough to, for example, disable the sensors that monitor the performance and safety of an engine (the temperature sensor and the tachometer) while leaving the engine running. If engineers and operators do not notice this right away, the engine may already have entered a critical mode and failed, but nobody will know about it, because the thermometer and the tachometer have been deactivated.
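The check a gateway or an inline filter can apply before translation, as an added example that is not code from the original article or from any vendor firmware: a Modbus TCP request is accepted only if its MBAP length field matches the bytes actually received and the PDU has the size its function code requires. The function name and the sample frames are constructed for illustration.

```python
import struct

# Request PDU sizes (function code + data) that are fixed by the Modbus spec.
FIXED_REQUEST_PDU_LEN = {0x01: 5, 0x02: 5, 0x03: 5, 0x04: 5, 0x05: 5, 0x06: 5}
MAX_PDU_LEN = 253


def validate_modbus_tcp_request(frame):
    """Return (ok, reason); only frames that pass should be translated to RTU."""
    if len(frame) < 8:  # 7-byte MBAP header plus at least a function code
        return False, "frame too short"
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", frame[:7])
    pdu = frame[7:]
    if proto_id != 0:
        return False, "protocol identifier is not 0"
    # The MBAP length field counts the unit id byte plus the PDU, nothing else.
    if length != 1 + len(pdu):
        return False, "MBAP length %d != actual %d" % (length, 1 + len(pdu))
    if len(pdu) > MAX_PDU_LEN:
        return False, "PDU longer than 253 bytes"
    func = pdu[0]
    expected = FIXED_REQUEST_PDU_LEN.get(func)
    if expected is not None and len(pdu) != expected:
        return False, "function 0x%02X request must be %d bytes" % (func, expected)
    if func in (0x0F, 0x10):  # write multiple coils / registers
        if len(pdu) < 6:
            return False, "write-multiple request truncated"
        qty, byte_count = struct.unpack(">HB", pdu[3:6])
        need = (qty + 7) // 8 if func == 0x0F else qty * 2
        if byte_count != need or len(pdu) != 6 + byte_count:
            return False, "byte count does not match quantity or payload"
    return True, "ok"


# Constructed sample frames (not captured traffic).
# Read Input Registers (0x04), unit 3, address 0, quantity 2; length field = 6.
GOOD_READ = bytes.fromhex("000100000006" "03" "04" "0000" "0002")
# Same header, but four filler bytes follow the PDU the length field describes.
TRAILING_BYTES = GOOD_READ + b"\xaa" * 4
# Write Multiple Coils (0x0F), unit 1, 4 coils from address 0, one data byte.
GOOD_WRITE = bytes.fromhex("000200000008" "01" "0f" "0000" "0004" "01" "0f")
```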
Credential reuse and configuration decryption
Moxa gateways use a proprietary protocol to communicate with the MGate Manager remote control program. When MGate Manager is started, the engineer is asked for a username and password to access the protocol gateway, after which MGate Manager automatically dumps the configuration so that the user can change the settings. When the field engineer finishes configuring the protocol gateway and clicks the [Exit] button, the configuration is compressed, encrypted, and uploaded to the gateway.
Moxa gateway configuration procedure
This procedure has two security flaws that can be exploited.
- Credential reuse. When an engineer logs in, a key is passed to MGate Manager and the password is hashed. In the firmware we tested, however, the mechanism is implemented in such a way that a hacker who intercepts the engineer's encrypted password can use it to log in with administrator privileges, even without knowing the plaintext password.
- Configuration decryption. The encrypted configuration that is sent over the network contains the encryption key, which a hacker can dump and use to decrypt it.
The encrypted configuration contains the AES key needed to decrypt it. Very convenient for hacking.
For decryption we used the proprietary decryption library extracted from the device firmware. The configuration contains configuration files, SQLite databases, and Secure Shell (SSH) keys. Below is an example of the decrypted configuration of our own protocol gateway, which we were able to intercept.
Moxa MGate 5105 decrypted configuration file
Traffic amplification
Because a data station translates protocols asynchronously from one another, several single-bit write requests can be combined into one request in order to use the serial bus more efficiently. For example, a hacker can call function 15 (write multiple bits), which the data station translates into 1 write for ID = 2, 1 for ID = 4, 1 for ID = 5, and 1 for ID = 6. One Modbus TCP write is therefore translated into four Modbus RTU writes, which causes slight congestion on the serial bus.
A single TCP command that writes cells turns into four RTU commands.
Note that this amplification does not cause a denial of service (DoS), but an overloaded RS-485 bus can lead to abnormal behavior.
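To make the fan-out measurable, here is an added example (not from the original article) that computes how many serial-side writes a single function 15 request produces and refuses requests above a budget. The mapping table layout, the function names and the sample request are assumptions made for illustration; real data stations store their mapping in vendor-specific formats.

```python
import struct

# Hypothetical mapping table of a data station (assumption for this example):
# gateway coil address -> (RTU slave id, coil address on that slave).
MAPPING = {0: (2, 10), 1: (4, 10), 2: (5, 10), 3: (6, 10), 4: (6, 11)}


def rtu_fanout(pdu, mapping):
    """Group the coils of a Write Multiple Coils (function 15) PDU by slave.

    Returns {slave_id: [(slave_coil, value), ...]}; every key costs at least
    one RTU transaction on the serial bus.
    """
    if len(pdu) < 6:
        raise ValueError("request truncated")
    func, start, qty, byte_count = struct.unpack(">BHHB", pdu[:6])
    data = pdu[6:]
    if func != 0x0F or byte_count != (qty + 7) // 8 or len(data) != byte_count:
        raise ValueError("not a well-formed function 15 request")
    writes = {}
    for i in range(qty):
        addr = start + i
        if addr not in mapping:
            raise ValueError("coil %d is not mapped" % addr)
        slave, coil = mapping[addr]
        bit = (data[i // 8] >> (i % 8)) & 1  # coils are packed LSB first
        writes.setdefault(slave, []).append((coil, bit))
    return writes


def within_budget(pdu, mapping, max_rtu_writes):
    """Policy check: refuse requests that fan out to too many RTU writes."""
    return len(rtu_fanout(pdu, mapping)) <= max_rtu_writes


# Constructed request: write 4 coils starting at gateway address 0, all set to 1.
# With the table above it reaches slave IDs 2, 4, 5 and 6, as in the text.
REQUEST = bytes([0x0F, 0x00, 0x00, 0x00, 0x04, 0x01, 0x0F])
```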
Privilege escalation
In the MGate 5105-MB-EIP we discovered the privilege escalation vulnerability CVE-2020-885, which allows an unprivileged user to execute commands with elevated privileges.
The cause of the problem is the lack of filtering of user input in the web interface of the Ping utility.
MGate Ping utility interface
With minimal technical knowledge, an unprivileged user can use a simple HTTP GET request to start a Telnet daemon in the context of the root user and obtain full remote access with a root shell.
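The missing input filter, sketched as an added example (this is not Moxa's code, and nothing here is taken from the firmware): the ping target is accepted only as an IP literal or a hostname, and the command is built as an argument list so no shell ever parses it. The function name is hypothetical and a Unix-style `ping -c` is assumed.

```python
import ipaddress
import re

# One RFC 1123 hostname label: letters, digits, hyphens, no hyphen at either end.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def ping_argv(target, count=4):
    """Validate a user-supplied ping target and return an argv list.

    Raises ValueError for anything that is not an IP literal or a hostname.
    The list is meant for subprocess.run(argv) with shell=False.
    """
    if not isinstance(target, str) or not 1 <= len(target) <= 253:
        raise ValueError("target missing or too long")
    if "%" in target:
        # IPv6 zone identifiers are free-form text, so they are refused outright.
        raise ValueError("IPv6 zone identifiers are not accepted")
    if not 1 <= int(count) <= 10:
        raise ValueError("count out of range")
    try:
        host = str(ipaddress.ip_address(target))  # canonical IPv4/IPv6 literal
    except ValueError:
        # Not an IP literal: every dot-separated label must be a valid label.
        # A label cannot start with "-", so the target is never read as an option.
        if not all(_LABEL.fullmatch(label) for label in target.split(".")):
            raise ValueError("target is neither an IP address nor a hostname")
        host = target
    return ["ping", "-c", str(int(count)), host]
```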
Our recommendations
After examining the details of how various industrial protocol gateways operate, we developed several recommendations for vendors, installers, and end users.
- - . . .
- â , , . ICS- . Trend Micro â TXOne Networks, OT .
- , â /, . , , , MQTT.
- OT , .