Simulating command injection attacks on IEC 60870-5-104 protocol in SCADA system

Qais Saif Qassim, Norziana Jamil, Maslina Daud, Norhamadi Ja'affar, Salman Yussof, Roslan Ismail, Wan Azlan Wan Kamarulzaman

Research output: Contribution to journalArticle

1 Citation (Scopus)


IEC 60870-5-104 is an international standard used for tele-control in electrical engineering and power system applications. It is one of the major principal protocols in SCADA system. Major industrial control vendors use this protocol for monitoring and managing power utility devices. One of the most common attacks which has a catastrophic impact on industrial control systems is the control command injection attack. It happens when an attacker injects false control commands into a control system. This paper presents the IEC 60870-5-104 vulnera-bilities from the perspective of command and information data injection. From the SCADA testbed that we setup, we showed that a success-ful control command injection attack can be implemented by exploiting the vulnerabilities identified earlier.

Original languageEnglish
Pages (from-to)153-159
Number of pages7
JournalInternational Journal of Engineering and Technology(UAE)
Issue number2.14 Special Issue 14
Publication statusPublished - 01 Jan 2018

All Science Journal Classification (ASJC) codes

  • Biotechnology
  • Computer Science (miscellaneous)
  • Environmental Engineering
  • Chemical Engineering(all)
  • Engineering(all)
  • Hardware and Architecture

Fingerprint Dive into the research topics of 'Simulating command injection attacks on IEC 60870-5-104 protocol in SCADA system'. Together they form a unique fingerprint.

  • Cite this