A team of researchers has demonstrated an interesting type of denial-of-service (DoS) attack on programmable logic controllers (PLCs), where network flooding can lead to the disruption of the physical process controlled by the device.
A paper titled “You Snooze, You Lose: Measuring PLC Cycle Times Under Attacks” was published last year by a group of researchers from the German universities Hochschule Augsburg and Freie Universität Berlin. The ICS-CERT agency in the United States this week published an advisory showing what each impacted vendor said or did in response to the flaw.
The security hole, tracked as CVE-2019-10953, has been classified as “high severity” (CVSS score of 7.5) — industrial cybersecurity professionals have often warned that DoS attacks have a much higher impact in the case of industrial systems compared to IT systems.
