OT-ICS attacks dataset

The setup involves configuring a network with a vulnerable web application, OpenPLC, SCADA, and Tomcat services. The scenario includes two key vulnerabilities: CVE-2021-44228 (Log4Shell) and CVE-2009-3548 (weak credentials in Apache Tomcat). These vulnerabilities allow attackers to gain remote code execution through Log4j exploits and WAR file uploads, respectively, affecting industrial control systems using OpenPLC and ScadaBR for simulation.

Data and Resources

normal_scan_features.csvCSV
Normal traffic
Explore
- More information
- Download
attack_scan_features.csvCSV
Active scanning involves actively probing a network to discover systems,...
Explore
- More information
- Download
Log4Shell vulnerability discoveryCSV
An attacker uses a scanner to detect the presence of the Log4Shell...
Explore
- More information
Exploit Log4Shell vulnerability CSV
The goal of this step is for the attacker to gain initial access to the...
Explore
- More information
- Download
Lateral mouvement CSV
Once inside the vulnerable web server machine, the attacker's goal is to move...
Explore
- More information
- Download
C&C CSV
The attacker uses the MODBUS/TCP protocol, which typically operates on port...
Explore
- More information
- Download

Additional Info

Field	Value
Source	https://github.com/montimage-projects/OT-ICS-attacks
Author	Montimage
Maintainer	Montimage
Last Updated	September 10, 2025, 11:44 (UTC)
Created	September 10, 2025, 11:36 (UTC)