DTM Components - Shadow Keys to the ICS Kingdom

Explore the security vulnerabilities in Device Type Manager (DTM) components used in industrial control systems during this Black Hat conference talk. Dive into the complex architectures of ICS networks, focusing on FDT/DTM standardization for communication and configuration of field devices. Analyze components for hundreds of devices based on Modbus, HART, and Profibus DP protocols, uncovering insufficient data filtration, XSS, XXE, SSRF, DoS, and other security flaws. Gain insights into the research scope, vulnerability distribution, and statistics across various vendors. Learn about memory corruptions, remote code execution risks, and the implications of developers ignoring standards. Understand the critical importance of securing these components used in oil, gas, energy, nuclear, chemical, and other vital industries.

Introduction
Who am I
Agenda
Theory ICS
Field Protocols
Field Devices
OPC
Key Detail Component Concepts
Simplified Scheme of Working
Screenshot
Internal Architecture
Sources
Research Scope
Hard Transmitter
Wired Transmitter
Hardware Tools
DTM Components
Lab
Oscilloscope
ICS Cursor
Atticus
DTM Vendors
Final Results
Vulnerability Distribution
Memory Corruptions
Other Flaws
XSS Scripting
Ignoring Standards
Developers are too lazy
Software quality
Remote code execution
Statistics
MDT Version 2
MDT Security
Conclusions
Links
Research