AIS Publishes Vulnerability in Trailer Power Line Communications

AIS and the National Motor Freight Traffic Association, Inc. (NMFTA) have published a vulnerability within trailer Power Line Communications (PLC) signals. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) advisory to bring awareness of the vulnerability to the transportation systems sector.

This research indicates that it is possible to read PLC signals reliably using active antennas at six feet and up to eight feet away. NMFTA researcher Ben Gardiner and AIS researchers Dan Salloum, Chris Poore and Eric Thayer reported this vulnerability to CISA.

“This vulnerability could lead to the exposure of sensitive information, traversing the vehicle bus,” said Thayer, Principal Investigator at AIS. “We expect to be able to build upon this research to identify other potential issues that could impact the reliability and integrity of connected systems.”

CVE-2020-14514 has been assigned to this vulnerability and it has been given a Common Vulnerability Scoring System Version Three (CVSS v3) base score of 4.3.

“This is the first ICS-CERT advisory that AIS has had published,” said Cat Hulser, Program Manager at AIS. “Not only is this an exciting accomplishment for our team, it’s also rewarding to know that we’re contributing to a safer transportation sector in our community.”

To learn more about this advisory, click here.

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from - Youtube
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound