ICSPatch is a hotpatching tool for control application binaries on Codesys runtime-compatible PLCs. It can detect and patch out-of-bounds write/read, improper input sanitization, and OS command injection vulnerabilities in control applications. Patches can be applied either via an LKM-based patcher or through JTAG. ICSPatch has been tested on Wago PFC100, PFC200 for Linux-5.10.21, and BeagleBone Black for Linux-4.19.82-ti-rt-r31.
For evaluating ICSPatch, please follow the instructions in our Guide.
Rajput, Prashant Hari Narayan, Constantine Doumanidis, and Michail Maniatakos. "ICSPatch: Automated Vulnerability Localization and Non-Intrusive Hotpatching in Industrial Control Systems using Data Dependence Graphs." USENIX Security Symposium. 2023.
For more information or help with the setup, please contact Prashant Rajput at prashanthrajput@nyu.edu