{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T04:03:36Z","timestamp":1750133016610,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","funder":[{"name":"Topic Engineering Secure Systems of the Helmholtz Association (HGF) and KASTEL Security Research Labs","award":["46.23.02"],"award-info":[{"award-number":["46.23.02"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,17]]},"DOI":"10.1145\/3679240.3734645","type":"proceedings-article","created":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T13:13:42Z","timestamp":1750079622000},"page":"770-779","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Attacks on the Siemens S7 Protocol Using an Industrial Control System Testbed"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-1298-4787","authenticated-orcid":false,"given":"Nicolai","family":"Kellerer","sequence":"first","affiliation":[{"name":"KASTEL Security Research Labs, Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6634-8315","authenticated-orcid":false,"given":"Gustavo","family":"S\u00e1nchez","sequence":"additional","affiliation":[{"name":"KASTEL Security Research Labs, Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-6403-8268","authenticated-orcid":false,"given":"Hermenegildo","family":"Alberto","sequence":"additional","affiliation":[{"name":"KASTEL Security Research Labs, Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3572-9083","authenticated-orcid":false,"given":"Veit","family":"Hagenmeyer","sequence":"additional","affiliation":[{"name":"KASTEL Security Research Labs, Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1137-1782","authenticated-orcid":false,"given":"Ghada","family":"Elbez","sequence":"additional","affiliation":[{"name":"KASTEL Security Research Labs, Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany"}]}],"member":"320","published-online":{"date-parts":[[2025,6,16]]},"reference":[{"key":"e_1_3_3_2_2_2","doi-asserted-by":"publisher","unstructured":"Ahlem Abid Farah Jemili and Ouajdi Korbaa. 2024. Real-time data fusion for intrusion detection in industrial control systems based on cloud computing and big data techniques. Cluster Computing 27 2 (2024) 2217\u20132238. 10.1007\/s10586-023-04087-7","DOI":"10.1007\/s10586-023-04087-7"},{"key":"e_1_3_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-12786-2_3"},{"key":"e_1_3_3_2_4_2","volume-title":"WinCC V7 TLS Certificate Guide","author":"AG Siemens","year":"2022","unstructured":"Siemens AG. 2022. WinCC V7 TLS Certificate Guide. Accessed: 2024-08-27."},{"key":"e_1_3_3_2_5_2","doi-asserted-by":"publisher","unstructured":"Wael Alsabbagh and Peter Langend\u00f6erfer. 2022. A New Injection Threat on S7-1500 PLCs - Disrupting the Physical Process Offline. IEEE Open Journal of the Industrial Electronics Society 3 (2022) 146\u2013162. 10.1109\/OJIES.2022.3151528","DOI":"10.1109\/OJIES.2022.3151528"},{"key":"e_1_3_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICAT54566.2022.9811147"},{"key":"e_1_3_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/WFCS57264.2023.10144251"},{"key":"e_1_3_3_2_8_2","doi-asserted-by":"publisher","unstructured":"Kevin\u00a0S. Anderson Clifford\u00a0W. Hansen William\u00a0F. Holmgren Adam\u00a0R. Jensen Mark\u00a0A. Mikofski and Anton Driesse. 2023. pvlib python: 2023 project update. Journal of Open Source Software 8 92 (2023) 5994. 10.21105\/joss.05994","DOI":"10.21105\/joss.05994"},{"key":"e_1_3_3_2_9_2","first-page":"3971","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Arp Daniel","year":"2022","unstructured":"Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, and Konrad Rieck. 2022. Dos and Don\u2019ts of Machine Learning in Computer Security. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 3971\u20133988. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/arp"},{"key":"e_1_3_3_2_10_2","unstructured":"Eli Biham Sara Bitan Aviad Carmel Alon Dankner Uriel Malin and Avishai Wool. 2019. Rogue 7: Rogue Engineering-Station attacks on S7 Simatic PLCs. Blackhat Conference USA (2019)."},{"key":"e_1_3_3_2_11_2","volume-title":"Scapy: the Python-based interactive packet manipulation program & library","author":"Biondi Philippe","year":"2024","unstructured":"Philippe Biondi, Pierre Lalet, Gabriel Potter, Guillaume Valadon, and Nils Weiss. 2024. Scapy: the Python-based interactive packet manipulation program & library. https:\/\/github.com\/secdev\/scapy"},{"key":"e_1_3_3_2_12_2","doi-asserted-by":"crossref","unstructured":"Leo Breiman. 2001. Random forests. Machine learning 45 (2001) 5\u201332.","DOI":"10.1023\/A:1010933404324"},{"key":"e_1_3_3_2_13_2","unstructured":"Defense\u00a0Use Case. 2016. Analysis of the cyber attack on the Ukrainian power grid. Electricity Information Sharing and Analysis Center (2016)."},{"key":"e_1_3_3_2_14_2","unstructured":"Colin Finck and Tom Dohrmann. 2023. A Decade After Stuxnet: How Siemens S7 is Still an Attacker\u2019s Heaven. Blackhat Conference Europe (2023)."},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"publisher","unstructured":"Asem Ghaleb Sami Zhioua and Ahmad Almulhem. 2018. On PLC network security. International Journal of Critical Infrastructure Protection 22 (2018) 62\u201369. 10.1016\/j.ijcip.2018.05.004","DOI":"10.1016\/j.ijcip.2018.05.004"},{"key":"e_1_3_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.10685057"},{"key":"e_1_3_3_2_17_2","doi-asserted-by":"publisher","unstructured":"D.L. Hall and J. Llinas. 1997. An introduction to multisensor data fusion. Proc. IEEE 85 1 (1997) 6\u201323. 10.1109\/5.554205","DOI":"10.1109\/5.554205"},{"key":"e_1_3_3_2_18_2","doi-asserted-by":"publisher","unstructured":"Eman Hammad Mellitus Ezeme and Abdallah Farraj. 2019. Implementation and development of an offline co-simulation testbed for studies of power systems cyber security and control verification. International Journal of Electrical Power & Energy Systems 104 (2019) 817\u2013826. 10.1016\/j.ijepes.2018.07.058","DOI":"10.1016\/j.ijepes.2018.07.058"},{"key":"e_1_3_3_2_19_2","doi-asserted-by":"publisher","unstructured":"Henry Hui and Kieran McLaughlin. 2018. Investigating Current PLC Security Issues Regarding Siemens S7 Communications and TIA Portal. ICS-CSR\u201918. 10.14236\/ewic\/ICS2018.8","DOI":"10.14236\/ewic\/ICS2018.8"},{"key":"e_1_3_3_2_20_2","doi-asserted-by":"publisher","unstructured":"Henry Hui Kieran McLaughlin and Sakir Sezer. 2021. Vulnerability analysis of S7 PLCs: Manipulating the security mechanism. International Journal of Critical Infrastructure Protection 35 (2021) 100470. 10.1016\/j.ijcip.2021.100470","DOI":"10.1016\/j.ijcip.2021.100470"},{"key":"e_1_3_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179411"},{"key":"e_1_3_3_2_22_2","doi-asserted-by":"publisher","unstructured":"Jehn-Ruey Jiang and Yan-Ting Chen. 2022. Industrial Control System Anomaly Detection and Classification Based on Network Traffic. IEEE Access 10 (2022) 41874\u201341888. 10.1109\/ACCESS.2022.3167814","DOI":"10.1109\/ACCESS.2022.3167814"},{"key":"e_1_3_3_2_23_2","doi-asserted-by":"publisher","unstructured":"Nandha\u00a0Kumar Kandasamy Sarad Venugopalan Tin\u00a0Kit Wong and Nicholas\u00a0Junming Leu. 2022. An electric power digital twin for cyber security testing research and education. Computers and Electrical Engineering 101 (2022) 108061. 10.1016\/j.compeleceng.2022.108061","DOI":"10.1016\/j.compeleceng.2022.108061"},{"key":"e_1_3_3_2_24_2","unstructured":"Kaspersky. 2024. Threat Landscape for Industrial Automation Systems: Q1 2024. Accessed: 2024-08-02."},{"key":"e_1_3_3_2_25_2","volume-title":"S7 Data Modification Attack Scripts and IDS","author":"Kellerer Nicolai","year":"2025","unstructured":"Nicolai Kellerer, Gustavo S\u00e1nchez, Hermenegildo Alberto, Veit Hagenmeyer, and Ghada Elbez. 2025. S7 Data Modification Attack Scripts and IDS. https:\/\/github.com\/nbke\/s7-attacks"},{"key":"e_1_3_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.15373938"},{"key":"e_1_3_3_2_27_2","doi-asserted-by":"crossref","unstructured":"Ralph Langner. 2011. Stuxnet: Dissecting a Cyberwarfare Weapon. IEEE Security & Privacy (2011).","DOI":"10.1109\/MSP.2011.67"},{"key":"e_1_3_3_2_28_2","unstructured":"Cheng Lei Li Donghong and Ma Liang. 2017. The spear to break the security wall of S7CommPlus. Blackhat Conference EU (2017)."},{"key":"e_1_3_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/EEEIC.2019.8783234"},{"key":"e_1_3_3_2_30_2","volume-title":"NSRDB: National Solar Radiation Database","author":"(NREL) National Renewable Energy\u00a0Laboratory","year":"2024","unstructured":"National Renewable Energy\u00a0Laboratory (NREL). 2024. NSRDB: National Solar Radiation Database. https:\/\/nsrdb.nrel.gov\/"},{"key":"e_1_3_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/DMC51747.2021.9529953"},{"key":"e_1_3_3_2_32_2","volume-title":"s7scan: The tool for enumerating Siemens S7 PLCs through TCP\/IP or LLC network","author":"Parnishchev Danila","year":"2018","unstructured":"Danila Parnishchev. 2018. s7scan: The tool for enumerating Siemens S7 PLCs through TCP\/IP or LLC network. https:\/\/github.com\/klsecservices\/s7scan"},{"key":"e_1_3_3_2_33_2","doi-asserted-by":"publisher","unstructured":"\u00c1ngel\u00a0Luis Perales\u00a0G\u00f3mez Lorenzo Fern\u00e1ndez\u00a0Maim\u00f3 Alberto Huertas\u00a0Celdr\u00e1n F\u00e9lix\u00a0J. Garc\u00eda\u00a0Clemente Cristian Cadenas\u00a0Sarmiento Carlos\u00a0Javier Del Canto\u00a0Masa and Rub\u00e9n M\u00e9ndez\u00a0Nistal. 2019. On the Generation of Anomaly Detection Datasets in Industrial Control Systems. IEEE Access 7 (2019) 177460\u2013177473. 10.1109\/ACCESS.2019.2958284","DOI":"10.1109\/ACCESS.2019.2958284"},{"key":"e_1_3_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1109\/UPEC.2018.8542092"},{"key":"e_1_3_3_2_35_2","doi-asserted-by":"publisher","unstructured":"Abhijeet Sahu Zeyu Mao Patrick Wlazlo Hao Huang Katherine Davis Ana Goulart and Saman Zonouz. 2021. Multi-Source Multi-Domain Data Fusion for Cyberattack Detection in Power Systems. IEEE Access 9 (2021) 119118\u2013119138. 10.1109\/ACCESS.2021.3106873","DOI":"10.1109\/ACCESS.2021.3106873"},{"key":"e_1_3_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/3632775.3661984"},{"key":"e_1_3_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICIInfS.2013.6731959"},{"key":"e_1_3_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/3590837.3590893"},{"key":"e_1_3_3_2_39_2","volume-title":"Industry Bilddatenbank","year":"2024","unstructured":"Siemens. 2024. Industry Bilddatenbank. https:\/\/www.automation.siemens.com\/bilddb\/"},{"key":"e_1_3_3_2_40_2","doi-asserted-by":"publisher","unstructured":"Ilias Siniosoglou Panagiotis Radoglou-Grammatikis Georgios Efstathopoulos Panagiotis Fouliras and Panagiotis Sarigiannidis. 2021. A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments. IEEE Transactions on Network and Service Management 18 2 (2021) 1137\u20131151. 10.1109\/TNSM.2021.3078381","DOI":"10.1109\/TNSM.2021.3078381"},{"key":"e_1_3_3_2_41_2","volume-title":"VB\u20192018","author":"Slowik Joe","year":"2018","unstructured":"Joe Slowik. 2018. Anatomy of an attack: Detecting and defeating crashoverride. In VB\u20192018."},{"key":"e_1_3_3_2_42_2","doi-asserted-by":"publisher","unstructured":"Leon Thurner Alexander Scheidler Florian Sch\u00e4fer Jan-Hendrik Menke Julian Dollichon Friederike Meier Steffen Meinecke and Martin Braun. 2018. Pandapower\u2014An Open-Source Python Tool for Convenient Modeling Analysis and Optimization of Electric Power Systems. IEEE Transactions on Power Systems 33 6 (2018) 6510\u20136521. 10.1109\/TPWRS.2018.2829021","DOI":"10.1109\/TPWRS.2018.2829021"}],"event":{"name":"E-Energy '25: The 16th ACM International Conference on Future and Sustainable Energy Systems","location":"Rotterdam Netherlands","acronym":"E-Energy '25","sponsor":["SIGEnergy ACM Special Interest Group on Energy Systems and Informatics"]},"container-title":["Proceedings of the 16th ACM International Conference on Future and Sustainable Energy Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3679240.3734645","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T13:54:32Z","timestamp":1750082072000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3679240.3734645"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,16]]},"references-count":41,"alternative-id":["10.1145\/3679240.3734645","10.1145\/3679240"],"URL":"https:\/\/doi.org\/10.1145\/3679240.3734645","relation":{},"subject":[],"published":{"date-parts":[[2025,6,16]]},"assertion":[{"value":"2025-06-16","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}