Trailer Power Line Communications

MonitorCVSS 4.3ICS-CERT ICSA-20-219-01Aug 6, 2020

EnergyManufacturingTransportation

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Researchers from the National Motor Freight Traffic Association and Assured Information Security discovered that trailer Power Line Communications (PLC) signals can be reliably read using active antennas from 6 feet away and potentially farther with improved receivers. PLC is used to transmit signals between trailer electronic control units (ECUs), such as ABS fault messages, air-weigh systems, brake controller data, and telematics. Because PLC signals are radiated as unencrypted electromagnetic emissions over power lines and cables, an attacker with a simple antenna can passively intercept this traffic. The vulnerability exposes confidentiality of data on the PLC bus; the actual impact depends on what sensitive information a particular trailer is transmitting. Most standard trailer ABS messaging presents minimal risk, but future designs using PLC for weight data, brake diagnostics, or network information could leak business intelligence or operational details.

What this means

What could happen

An attacker with a simple antenna can wirelessly eavesdrop on unencrypted trailer power line signals from 6–8 feet away, potentially exposing sensitive business or operational data such as weight information, brake diagnostics, or telematics if those systems use the PLC bus.

Who's at risk

Operators and manufacturers in the transportation, energy, and manufacturing sectors who deploy trailers with Power Line Communications (PLC) bus systems—especially those carrying air-weigh systems, advanced brake controllers, or telematics—should be concerned. This affects trailer manufacturers, fleet operators managing trailers with electronic braking or weight monitoring, and any organization transmitting proprietary operational or business data over trailer PLC networks.

How it could be exploited

An attacker positions an active antenna within 6–8 feet of a trailer and captures radiated PLC signals transmitted over the power line bus. No special credentials or network access are required; the signals are broadcast as electromagnetic emissions. The attacker decodes the captured signals to read data being transmitted between trailer ECUs.

Prerequisites

Physical proximity to trailer (6–8 feet or potentially farther with improved receivers)
Active antenna or radio receiver tuned to PLC frequency band
No credentials or special permissions needed—signals are passively radiated
Environmental conditions favorable for signal reception

No authentication requiredLow complexity to exploit (antenna + receiver)Physically proximity required but easily accessible in open environmentsNo patch available for existing deploymentsAffects data confidentiality of potentially sensitive operational or business intelligenceRadiated emissions uncontrolled by default design

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

Power Line Communications Bus / PLC4TRUCKS / J2497: All trailer power line communications are affectedAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGAudit all trailer PLC bus deployments to identify what data is actually being transmitted (e.g., ABS faults, weight information, telematics)

HARDENINGAssess the confidentiality sensitivity of each PLC data stream; flag any that carries business intelligence, weight/scale data, or network information that should remain private

Mitigations - no patch available

0/3

Power Line Communications Bus / PLC4TRUCKS / J2497: All trailer power line communications are affected has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGFor future trailer designs or retrofits, implement PLC bus mitigation by reducing radiated emissions through shorter cable runs and lower transmit voltage

HARDENINGConsider encryption or alternative communication methods (e.g., wireless with proper security) for sensitive trailer data currently on the PLC bus, if replacement is feasible

HARDENINGEstablish procedures to monitor trailers for unauthorized RF emissions or eavesdropping attempts if sensitive data is present

CVEs (1)

CVE-2020-14514

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a14d4a60-b8d5-4685-ac88-61a1d8d850a8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.