All labs

LAB-03 · EtherNet/IP (CIP) · 44818/mixed

EtherNet/IP & CIP: class enumeration and attribute writes

The lab harness emulates a CompactLogix L83 with the firmware-overwrite primitive (ICSA-24-009-01) intentionally exposed. Demonstrate the exploit path on a sacrificial controller, then write a Suricata rule that catches it.

Duration

150m

Level

advanced

ISA SL

SL2 · SL3 · SL4

Track

ics pentest

Certification path

Objectives

  1. 01Enumerate CIP classes on a CompactLogix-style target
  2. 02Trigger CVE-2024-21912 in a controlled lab harness
  3. 03Detect the exploit path via Snort/Suricata rules

Success criteria

  • Successful pcap of the malicious CIP class write
  • A working Suricata rule that fires on the pattern
  • Mapping to IEC 62443-3-3 SR 1.6, SR 7.6