216.73.217.172

T1695.001: Serial COM

View on MITRE ATT&CK The MITRE Corporation · Published 20/04/2026 22:54 · Modified 04/05/2026 16:52

Essential information

MITRE technique ID
T1695.001
Confidence
75/100
Revoked
No
Published
20/04/2026 22:54
Modified
04/05/2026 16:52
Author / Source
The MITRE Corporation

Description

Adversaries may block access to serial COM to prevent instructions or configurations from reaching target devices. Serial Communication ports (COM) allow communication with control system devices. Devices can receive command and configuration messages over such serial COM. Devices also use serial COM to send command and reporting messages. Blocking device serial COM may also block command messages and block reporting messages. A serial to Ethernet converter is often connected to a serial COM to facilitate communication between serial and Ethernet devices. One approach to blocking a serial COM would be to create and hold open a TCP session with the Ethernet side of the converter. A serial to Ethernet converter may have a few ports open to facilitate multiple communications. For example, if there are three serial COM available -- 1, 2 and 3 --, the converter might be listening on the corresponding ports 20001, 20002, and 20003. If a TCP/IP connection is opened with one of these ports and held open, then the port will be unavailable for use by another party. One way the adversary could achieve this would be to initiate a TCP session with the serial to Ethernet converter at 10.0.0.1 via Telnet on serial port 1 with the following command: telnet 10.0.0.1 20001.

Kill chain phases

Kill chainPhase
mitre-ics-attack inhibit-response-function
mitre-ics-attack-v19 inhibit-response-function

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references