MP3 QA report

School: Georgia Institute Of Technology
Course: 3
Subject: Computer Science
Date: Apr 3, 2024
Type: pdf
Pages: 7
Uploaded by kdolph

Questions explanation:

1. Q: Which of the following CVEs affected Siemens OT devices and was discovered by GaTech researchers, as acknowledged by CISA/ICS-CERT?
   A: CVE-2015-7836
   Source: https://www.cisa.gov/news-events/ics-advisories/icsa-15-300-01

2. Q: Mark all that apply about CVE (Common Vulnerabilities and Exposures).
   A: ALL
   Source: NVD Vulnerabilities page and https://nvd.nist.gov/general/cve-process

3. Q: When originally created in 1999, the NVD was called the Internet - Categorization of Attacks Toolkit, or ICAT. (T/F)
   A: True
   Source: NVD General page: "Originally created in 1999 (called Internet - Categorization of Attacks Toolkit or ICAT)"

4. Q: Each individual CWE (Common Weakness Enumeration Specification) can represent multiple vulnerability types. (T/F)
   A: False (the cited NVD page states the opposite)
   Source: https://nvd.nist.gov/vuln/categories: "Each individual CWE represents a single vulnerability type."

5. Q: CVE-2020-10611 is associated with the DNP3 protocol. (T/F)
   A: True
   Source: NVD CVE search: "the issue is only applicable to installations using DNP3 Data Sets"

6. Q: Select which vulnerabilities are considered directory traversal (choose all that apply).
   A: The entries marked (V)
   Source: NVD CVE search
   a. CVE-2022-3770: Zentao Demo15 is vulnerable to directory traversal (V)
   b. CVE-2022-32211: SQL injection
   c. CVE-2022-33681: delayed TLS hostname verification in the Pulsar Java client
   d. CVE-2022-29799: the flaw allows an attacker to escape from the "etc/networkd-dispatcher" base directory, which is a directory traversal attack (V)

7. Q: In what year was the NVD logo created (e.g. 2023)?
   A: 2015
   Source: https://nvd.nist.gov/general/brief-history

8. Q: The NVD repository data is represented using the Security Content Automation Protocol (SCAP). (T/F)
   A: True
   Source: NVD main page: "The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP)."

9. Q: How often are changes made to the CVE List updated in the NVD?
   A: Every hour
   Source: https://nvd.nist.gov/general/FAQ-Sections/General-FAQs: "The NVD processes the CVE List every hour to ingest new CVE publications, rejections, or modifications."

10. Q: "Mitigation of the vulnerabilities typically involves coding changes, but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety)." (T/F)
    A: True
    Source: https://nvd.nist.gov/vuln

11. Q: CVE-2019-13944 affects EN100 Ethernet module variants utilizing which of these industrial protocols?
    A: ALL
    Source: https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=+CVE-2019-13944&search_type=all&isCpeNameSearch=false

12. Q: CVE-2013-2791 (MatrikonOPC SCADA DNP3 OPC Server 1.2.0, allowing remote attackers to cause a denial of service) is classified under which Common Weakness Enumeration?
    A: CWE-119
    Source: https://nvd.nist.gov/vuln/detail/CVE-2013-2791

13. Q: CVE defines a vulnerability as "A weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability." (T/F)
    A: True
    Source: https://nvd.nist.gov/vuln

14. Q: Which of these vulnerabilities affect Allen-Bradley hardware?
    A: The entries marked (V)
    Source: NVD CVE search
    a. CVE-2023-24996: Tecnomatix Plant Simulation
    b. CVE-2012-4690: Rockwell Automation Allen-Bradley MicroLogix 1100, 1200, 1400 (V)
    c. CVE-2007-3012: Fujitsu Siemens Computers
    d. CVE-2013-3927: Siemens COMOS 9.2
    e. CVE-2020-6083: Allen-Bradley Flex I/O 1794-AENT/B (V)

15. Q: What was the destination IP address of the request?
    A: 13.225.63.76
    Source: I followed the HTTP stream that has the content of GET etc/passwd.

16. Q: What was the destination domain?
    A: www.gatech.edu
    Source: I followed the HTTP stream that has the content of GET etc/passwd, and the content inside provides the answer.

17. Q: What was the source IP address of the request?
    A: 10.0.2.15
    Source: I followed the HTTP stream that has the content of GET etc/passwd, and the content inside provides the answer.

18. Q: What is the MAC address of 10.0.2.15?
    A: 08:00:27:a6:1f:86
    Source: I found the MAC address under "Ethernet II", Source: PcsCompu_a6:1f:86, on the HTTP packet that has the content of GET etc/passwd.

19. Q: What was the length of the request?
    A: 254
    Source: The packet length was shown on the HTTP packet that has the content of GET etc/passwd.

20. Q: What browser or tool was used to generate the request?
    A: Wget
    Source: I followed the HTTP stream that has the content of GET etc/passwd, and the content inside provides the answer.

21. Q: Which of the following devices are communicating in the supplied Wireshark network capture file?
    A: RTU, HMI/SCADA, and electrical multifunction meters
    Source: The HMI is communicating with the RTU, while the RTU is pulling current measurements from the electrical multifunction meters through the Ethernet switch.

22. Q: What DNP3 protocol Object and Variation codes are used for the response of analog amp values?
    A: Object 30, Variation 4 (Analog Input, 16-bit without flag)
    Source: (screenshot, not reproduced in this text)
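Q15 to Q20 are answered by following the TCP stream in Wireshark. As an added example that is not part of the report, the Python below does the same extraction programmatically from a classic pcap: it builds a constructed single-frame capture whose MACs and IPs mirror the report's answers (the request path /etc/passwd, the Wget version, the gateway MAC 52:54:00:12:35:00 and the client port 49152 are assumptions), then walks the Ethernet, IPv4 and TCP headers of every frame and reports the source MAC, addresses, Host, User-Agent and frame length of any HTTP request containing etc/passwd.

```python
import struct
from ipaddress import IPv4Address

# Constructed request (not from the course capture); path and Wget version are assumed.
HTTP_REQUEST = (
    b"GET /etc/passwd HTTP/1.1\r\n"
    b"User-Agent: Wget/1.21.4\r\n"
    b"Accept: */*\r\n"
    b"Accept-Encoding: identity\r\n"
    b"Host: www.gatech.edu\r\n"
    b"Connection: Keep-Alive\r\n"
    b"\r\n"
)

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the IPv4 header (checksum field zeroed)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Ethernet II + IPv4 + TCP (PSH/ACK) frame carrying payload; TCP checksum left zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 64240, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Classic little-endian pcap (LINKTYPE_ETHERNET), one record per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def iter_pcap(data: bytes):
    """Yield the raw frames of a classic little-endian pcap (pcapng is not handled)."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def find_http_requests(pcap: bytes, needle: bytes = b"etc/passwd"):
    """One dict per IPv4/TCP segment whose payload is an HTTP request containing needle."""
    hits = []
    for frame in iter_pcap(pcap):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                     # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        ip = frame[14:14 + ihl]
        if ip[9] != 6:
            continue                                     # not TCP
        tcp_off = 14 + ihl
        payload = frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:]
        if not payload.startswith((b"GET ", b"POST ", b"HEAD ")) or needle not in payload:
            continue
        lines = payload.split(b"\r\n")
        headers = dict(l.split(b": ", 1) for l in lines[1:] if b": " in l)
        hits.append({
            "src_mac": ":".join("%02x" % b for b in frame[6:12]),
            "src_ip": str(IPv4Address(ip[12:16])),
            "dst_ip": str(IPv4Address(ip[16:20])),
            "dst_port": struct.unpack("!H", frame[tcp_off + 2:tcp_off + 4])[0],
            "host": headers.get(b"Host", b"").decode(),
            "user_agent": headers.get(b"User-Agent", b"").decode(),
            "request_line": lines[0].decode(),
            "frame_len": len(frame),
        })
    return hits

# Constructed one-frame capture; MACs/IPs mirror the report's answers, the gateway MAC
# 52:54:00:12:35:00 and the client port 49152 are assumed.
SAMPLE_PCAP = build_pcap([
    build_frame(bytes.fromhex("080027a61f86"), bytes.fromhex("525400123500"),
                "10.0.2.15", "13.225.63.76", 49152, 80, HTTP_REQUEST),
])

if __name__ == "__main__":
    for hit in find_http_requests(SAMPLE_PCAP):
        print(hit)
```

Against a real capture, pass the file contents to find_http_requests (classic little-endian pcap only; a pcapng export from Wireshark needs a different reader). The parser reads single segments, so a request split across TCP segments or carried over TLS would not be matched; the "length" it reports is the captured frame length, the same figure Wireshark shows in its Length column.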
23. Q: Determine the IP address that sent the control command.
    A: 192.168.0.55
    Source: The Info column shows the master requesting a read response from the slaves (packet no. 1) and the slave responding afterwards (packet no. 2).

24. Q: Indicate the DNP3 command type for a control command set to open a circuit breaker.
    A: Select then Operate (Select Before Operate: a Select request, function code 3, followed by an Operate request, function code 4, both carrying the same Control Relay Output Block, Object 12 Variation 1)
    Source:

25. Q: Assuming the inputs are mapped in the exact same order as they are connected to the input module card, find the DNP3 point addresses for the circuit switcher status and the F1 circuit breaker status.
    A: CS-T1 = point 0, 52-F1 = point 2
    Source: The first Select (point 1, Pulse) + Operate clears binary input point 2 and zeroes all the 52-F1 current measurements. The next Select (Pulse on point 2) clears binary input point 3 and zeroes all 16-bit analog outputs (possibly 52-T1 or 52-F2). The next Select (Pulse on point 0) clears binary input point 1 with AO = 0; another Select (Pulse on point 0) sets binary input point 1 with AO = 0; then a Select (Pulse on point 1) sets binary input point 2 and the T1 = F1 values of 100, 105, 110 return (F1 and T1 enabled). Since the T1 = F1 data is still received while point 3 = 0, the conclusion is that point 3 = 52-F2, point 1 = 52-T1, point 2 = 52-F1, and point 0 = CS-T1.

26. Q: Given the network diagram, state where the network capture was most likely taken.
    A: Between the RTU and the HMI/SCADA (option A)
    Source: Interpreting and executing DNP3 commands requires a master (HMI/SCADA) and a slave (RTU), while the links in options B and C connect passive peripherals and an Ethernet switch.

27. Q: Find the DNP3 point address numbers for the transformer amp values.
    A: 52-T1 analog data = points 0, 1, 2
    Source: Same screenshot as the source of Q22.

28. Q: Determine the RTU vendor based on the MAC address.
    A: Schweitzer Engineering Laboratories (OUI 00:30:a7)
    Source: https://www.adminsub.net/mac-address-finder/0030a715f857; the MAC address of the destination IP 192.168.0.56 was looked up on the MAC vendor website, which shows the RTU vendor.

29. Q: What is the MAC address of the 'control panel'?
    A: 0a:50:df:a1:41:9a
    Source: Modbus/TCP requests go to TCP port 502 on the PLC (destination), so the control panel is the source.

30. Q: What is the IP address of the 'master' PLC?
    A: 192.168.123.72
    Source: The PLC destinations with unit IDs 21-23 change (tank 1-3), while unit ID 31 does not change, so 192.168.123.72 is the master PLC controller.

31. Q: What is the IP address of the tank 2 PLC?
    A: 192.168.123.227
    Source: Screenshot from Q30; the data for unit identifier 22 rises to 0x48 (72%) and drops to 0x2D (45%) afterwards.

32. Q: What is the MAC address of the tank 3 PLC?
    A: 46:f1:ac:4c:62:85
    Source: Unit ID 23 rises to 0x54 (84%) and drops 2% every 0.5 s.
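Q22, Q24, Q25 and Q27 all come down to reading DNP3 object headers: the analog current values arrive as Object 30 Variation 4 (16-bit analog input without flag), breaker and switcher states as binary inputs, and a trip goes out as a Select request followed by an Operate request that both carry a Control Relay Output Block (Object 12 Variation 1). The Python below is an added example, not from the report or the course capture: it decodes the application-layer fragment (link and transport layers already stripped, CRCs not checked) of two constructed messages whose values mirror the report's numbers (points 0 to 2 = 100, 105, 110; binary input points 0 to 3 mapped as in Q25; the 1000 ms pulse time and the sequence numbers are assumptions) and performs the outstation-side check that an Operate matches the Select before it.

```python
import struct

FUNC = {0x01: "READ", 0x03: "SELECT", 0x04: "OPERATE", 0x81: "RESPONSE"}

def _ai16(b):
    """g30v4: 16-bit analog input without flag, little-endian signed."""
    return struct.unpack("<h", b)[0]

def _bi_flags(b):
    """g1v2: binary input with flags; bit 0 = ONLINE, bit 7 = point state."""
    return {"online": bool(b[0] & 0x01), "state": bool(b[0] & 0x80)}

def _crob(b):
    """g12v1: Control Relay Output Block, 11 bytes."""
    code, count, on_ms, off_ms, status = struct.unpack("<BBIIB", b)
    op = {0: "NUL", 1: "PULSE_ON", 2: "PULSE_OFF", 3: "LATCH_ON", 4: "LATCH_OFF"}.get(code & 0x0F, "?")
    trip_close = {0: "", 1: "CLOSE", 2: "TRIP"}.get(code >> 6, "?")
    return {"op": op, "trip_close": trip_close, "count": count,
            "on_ms": on_ms, "off_ms": off_ms, "status": status}

# (group, variation) -> (bytes per point, decoder); only the objects the report deals with
OBJECTS = {(30, 4): (2, _ai16), (1, 2): (1, _bi_flags), (12, 1): (11, _crob)}

def parse_fragment(frag: bytes) -> dict:
    """Decode a DNP3 application-layer fragment (link/transport layers already stripped)."""
    ctrl, fc = frag[0], frag[1]
    pos, iin = 2, None
    if fc == 0x81:                                   # responses carry two IIN bytes
        iin, pos = struct.unpack("<H", frag[2:4])[0], 4
    objects = []
    while pos < len(frag):
        group, var, qual = frag[pos:pos + 3]
        pos += 3
        if (group, var) not in OBJECTS:
            raise ValueError("object g%dv%d not handled" % (group, var))
        size, decode = OBJECTS[(group, var)]
        points = {}
        if qual == 0x00:                             # 8-bit start/stop index range
            start, stop = frag[pos], frag[pos + 1]
            pos += 2
            for idx in range(start, stop + 1):
                points[idx] = decode(frag[pos:pos + size])
                pos += size
        elif qual == 0x17:                           # 8-bit count, 8-bit index before each point
            count = frag[pos]
            pos += 1
            for _ in range(count):
                idx = frag[pos]
                points[idx] = decode(frag[pos + 1:pos + 1 + size])
                pos += 1 + size
        else:
            raise ValueError("qualifier 0x%02x not handled" % qual)
        objects.append({"group": group, "var": var, "points": points})
    return {"seq": ctrl & 0x0F, "fir": bool(ctrl & 0x80), "fin": bool(ctrl & 0x40),
            "function": FUNC.get(fc, "0x%02x" % fc), "iin": iin, "objects": objects}

def is_sbo_pair(select_frag: bytes, operate_frag: bytes) -> bool:
    """Outstation-side Select-Before-Operate check: the Operate must carry exactly the
    CROB(s) of the preceding Select and the next application sequence number."""
    s, o = parse_fragment(select_frag), parse_fragment(operate_frag)
    return (s["function"] == "SELECT" and o["function"] == "OPERATE"
            and o["seq"] == (s["seq"] + 1) % 16 and s["objects"] == o["objects"])

# Constructed response: g30v4 points 0-2 = 100, 105, 110 (the T1 = F1 amp values of Q25/Q27)
# and g1v2 points 0-3 with points 1 and 2 (52-T1, 52-F1 in the Q25 mapping) closed.
RESPONSE = bytes.fromhex("c0 81 00 00 "
                         "1e 04 00 00 02 64 00 69 00 6e 00 "
                         "01 02 00 00 03 01 81 81 01")
# Constructed SELECT: one CROB, TRIP + PULSE_ON for 1000 ms on point 1, qualifier 0x17.
SELECT = bytes.fromhex("c0 03 0c 01 17 01 01 81 01 e8 03 00 00 00 00 00 00 00")
OPERATE = b"\xc1\x04" + SELECT[2:]                # same CROB, function 4, sequence 1

if __name__ == "__main__":
    print(parse_fragment(RESPONSE)["objects"])
    print(parse_fragment(SELECT)["objects"])
    print("valid SBO pair:", is_sbo_pair(SELECT, OPERATE))
```

The same walk over group, variation, qualifier and index fields is what Wireshark's DNP3 dissector does to produce the "Object 30, Var 4" and point-number lines used in Q22 and Q27; an Operate whose CROB or sequence number differs from the Select is exactly what a compliant outstation refuses, which is the point of answering "Select then Operate" in Q24.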
33. Q: True/False: the register used for the Tank 2 level on the control panel is 56.
    A: False
    Source: The register used for the Tank 2 level is 12, as shown at the end of the memory read of the master PLC.

34. Q: What is the IP network address of this PLC system?
    A: 192.168.123.0/24
    Source: The control panel and all PLC IP addresses are 192.168.123.xxx.

35. Q: How many active/reachable devices are there on the PLC network that send or receive Modbus packets?
    A: 5
    Source: Control panel, master PLC, and tank 1-3 PLCs.

36. Q: What is the coil address of the tank 3 fill valve?
    A: 131
    Source:

37. Q: How fast does tank 3 drain (per every 2 seconds)?
    A: 8% per 2 seconds
    Source: Unit ID 23 rises to 0x54 (84%) and drops 2% every 0.5 s (= 8% per 2 s).

38. Q: What device has the MAC address 82:21:65:ea:8a:72?
    A: Tank 2 PLC
    Source:
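Q29 to Q38 are answered by reading the MBAP header (transaction ID, unit identifier) and the PDU (function code, register and coil values) of each Modbus/TCP packet and watching how the values change over time. The Python below is an added example, not part of the report: it parses a constructed request/response stream (the control panel and tank 3 IP addresses, the register layout on the master, the timestamps and the 0x54/0x4C readings are assumptions; unit IDs 23 and 31, coil address 131 and the 0x48 = 72% reading follow the report), pairs responses to requests by transaction ID and unit, maps unit IDs to the IP that answers, records register values per unit over time and computes the drain rate per 2 seconds from successive reads.

```python
import struct

FC_NAMES = {1: "READ_COILS", 2: "READ_DISCRETE_INPUTS", 3: "READ_HOLDING_REGISTERS",
            4: "READ_INPUT_REGISTERS", 5: "WRITE_SINGLE_COIL", 6: "WRITE_SINGLE_REGISTER",
            15: "WRITE_MULTIPLE_COILS", 16: "WRITE_MULTIPLE_REGISTERS"}

def mbap(tid: int, unit: int, pdu: bytes) -> bytes:
    """Prefix a PDU with the 7-byte MBAP header (transaction id, protocol 0, length, unit id)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_modbus_tcp(payload: bytes, is_request: bool) -> dict:
    """Decode one Modbus/TCP ADU. Direction comes from the TCP port (dst 502 = request)."""
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        raise ValueError("malformed MBAP header")
    fc, data = payload[7], payload[8:]
    msg = {"tid": tid, "unit": unit, "fc": fc & 0x7F,
           "name": FC_NAMES.get(fc & 0x7F, "?"), "exception": bool(fc & 0x80)}
    if msg["exception"]:
        msg["exception_code"] = data[0]
    elif fc == 3 and is_request:                 # start address + quantity
        msg["address"], msg["quantity"] = struct.unpack(">HH", data)
    elif fc == 3:                                # byte count + big-endian registers
        n = data[0]
        msg["registers"] = list(struct.unpack(">%dH" % (n // 2), data[1:1 + n]))
    elif fc == 5:                                # request and response carry the same fields
        addr, val = struct.unpack(">HH", data)
        msg["address"], msg["on"] = addr, val == 0xFF00
    return msg

def analyze(stream):
    """Pair responses with requests by (tid, unit), map unit ids to the IP that answers,
    collect register readings per (unit, address) over time and log coil writes."""
    pending, out = {}, {"devices": set(), "unit_to_ip": {}, "levels": {}, "coil_writes": []}
    for ms, src, dst, dport, payload in stream:
        is_request = dport == 502
        msg = parse_modbus_tcp(payload, is_request)
        out["devices"].update((src, dst))
        key = (msg["tid"], msg["unit"])
        if is_request:
            pending[key] = (ms, msg)
            if msg["fc"] == 5:
                out["coil_writes"].append({"ms": ms, "target": dst, "unit": msg["unit"],
                                           "address": msg["address"], "on": msg["on"]})
            continue
        req = pending.pop(key, None)
        if req is None:
            continue                             # response without a request seen
        out["unit_to_ip"][msg["unit"]] = src
        if msg["fc"] == 3 and not msg["exception"]:
            for i, value in enumerate(msg["registers"]):
                out["levels"].setdefault((msg["unit"], req[1]["address"] + i), []).append((ms, value))
    return out

def drain_rate(samples, window_ms=2000):
    """Level drop per window from the first and last (ms, value) samples; negative means filling."""
    (t0, v0), (t1, v1) = samples[0], samples[-1]
    return (v0 - v1) * window_ms / (t1 - t0)

# ---- constructed stream (not the course capture); panel and tank 3 addresses are assumed ----
PANEL, MASTER, TANK3 = "192.168.123.10", "192.168.123.72", "192.168.123.228"

def read_req(tid, unit, addr, qty):
    return mbap(tid, unit, struct.pack(">BHH", 3, addr, qty))

def read_resp(tid, unit, regs):
    return mbap(tid, unit, struct.pack(">BB%dH" % len(regs), 3, 2 * len(regs), *regs))

def coil_req(tid, unit, addr, on):
    return mbap(tid, unit, struct.pack(">BHH", 5, addr, 0xFF00 if on else 0x0000))

SAMPLE_STREAM = [  # (ms, src ip, dst ip, dst port, payload)
    (0,    MASTER, TANK3,  502,   read_req(1, 23, 0, 1)),
    (10,   TANK3,  MASTER, 49200, read_resp(1, 23, [0x54])),              # 84 %
    (2000, MASTER, TANK3,  502,   read_req(2, 23, 0, 1)),
    (2010, TANK3,  MASTER, 49200, read_resp(2, 23, [0x4C])),              # 76 %
    (2020, PANEL,  MASTER, 502,   read_req(7, 31, 11, 3)),                # master regs 11-13
    (2030, MASTER, PANEL,  49300, read_resp(7, 31, [0x30, 0x48, 0x4C])),  # tank 1-3 levels
    (2500, MASTER, TANK3,  502,   coil_req(3, 23, 131, True)),            # open fill valve
    (2510, TANK3,  MASTER, 49200, coil_req(3, 23, 131, True)),            # FC5 echoes request
]

if __name__ == "__main__":
    result = analyze(SAMPLE_STREAM)
    print("devices:", sorted(result["devices"]))
    print("unit -> ip:", result["unit_to_ip"])
    print("tank 3 drain per 2 s:", drain_rate(result["levels"][(23, 0)]))
```

The unit identifier, not the IP address, is what distinguishes the tank PLCs from the master in this traffic, which is why Q30 to Q32 reason from unit IDs 21 to 23 and 31; the device count of Q35 is the size of the "devices" set once the whole capture has been fed in, and the rate of Q37 is drain_rate over the tank 3 readings. Modbus has no authentication, so any host on the 192.168.123.0/24 segment could issue the same coil write to address 131 that the master does.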