AIS and the National Motor Freight Traffic Association, Inc. (NMFTA) have published a vulnerability within trailer Power Line Communications (PLC) signals. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) advisory to bring awareness of the vulnerability to the transportation systems sector.
This research indicates that it is possible to read PLC signals reliably using active antennas at six feet and up to eight feet away. NMFTA researcher Ben Gardiner and AIS researchers Dan Salloum, Chris Poore and Eric Thayer reported this vulnerability to CISA.
“This vulnerability could lead to the exposure of sensitive information, traversing the vehicle bus,” said Thayer, Principal Investigator at AIS. “We expect to be able to build upon this research to identify other potential issues that could impact the reliability and integrity of connected systems.”
CVE-2020-14514 has been assigned to this vulnerability and it has been given a Common Vulnerability Scoring System Version Three (CVSS v3) base score of 4.3.
“This is the first ICS-CERT advisory that AIS has had published,” said Cat Hulser, Program Manager at AIS. “Not only is this an exciting accomplishment for our team, it’s also rewarding to know that we’re contributing to a safer transportation sector in our community.”
To learn more about this advisory, click here.