Possible attacks on a PLC

We will analyze a system built around a Siemens S7 300 PLC with distributed peripheral elements; you can download the manual here. Note that the components of the automaton include:

  • SD card
  • MPI connector (message passing interface)
  • Operation selector
  • Power supply input
  • Ethernet port
  • Various LEDs
PLC SIEMENS S7 300

Among the ways of sabotaging such a machine, we will start with the physical ones: someone with access to the PLC can modify part of the program, remove or modify the SD card, or simply cut the automaton's power supply, not to mention physically destroying the PLC itself. Bear in mind that the operation selector has three positions (run, programming and total erase). But where security really matters, since it is assumed that anyone will work out how to protect it, is when the automaton belongs to a plant connected to the Internet.

Our automaton may have an Ethernet port, as is the case with the 312-DP, in principle. We will assume two situations: one where the automaton is part of a plant, and one where it is used in isolation as an RTU to control a particular process, such as an irrigation system, an intelligent building or similar cases. The difference between the two is important. Imagine a factory plant with a large number of automation machines on the network: normally there are computers to monitor or control that process. In the case of an RTU there are no other machines on the LAN (or there may be), but what matters is connecting over the Internet to check how it is working, and not going on site except for maintenance or troubleshooting.

In the first case, where a computer within the LAN accesses our PLC, to avoid attacks we must be rigorous about the cyber-security of every computer: a computer infected with a Trojan could modify the parameters of our PLC. On the other hand, if our PLC is isolated at a private site outside a factory, it is possible to access it directly and reprogram it.

There are similar cases in building automation (inmotics). Imagine we have a website that communicates with our PLC to turn the lights on and off on a schedule or to monitor data. If our website is vulnerable, our schedules can be modified; but if access to the PLC itself is vulnerable (usually a port is opened to reprogram it), the damage would be even greater.

There is one case we must treat with care: when our automaton is somewhere public, for example a restaurant, for automatic control of energy efficiency, and the network is shared between our machine and the bar's customers. It is important to separate them and make the PLC as invisible as possible, since we have a public Wi-Fi.
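The two LAN scenarios above (a compromised workstation reaching the PLC, and a guest network sharing a segment with it) both come down to one question a defender can check: who is talking to the PLC's programming port, and from where? The following script is an added example, not code from the original post; it audits constructed firewall/flow log lines against an allowlist of engineering stations and a list of untrusted networks. The PLC address, host addresses, guest network and log lines are all assumptions made up for the illustration; TCP/102 is the standard ISO-TSAP port that S7 PLCs use for S7comm (programming and data access).

```python
"""
Flag connections to a PLC's programming port from hosts that are not on the
engineering-station allowlist, and any traffic to the PLC from untrusted
networks (e.g. a guest Wi-Fi that should be segmented away from it).
All addresses, hosts and log lines below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed topology (assumption, not taken from the page).
PLC_ADDRESS = ipaddress.ip_address("192.168.10.20")
# TCP/102 is ISO-TSAP, the port S7 PLCs use for S7comm.
PLC_ENGINEERING_PORTS = {102}
# Hosts permitted to reprogram the PLC (constructed allowlist).
ENGINEERING_STATIONS = {ipaddress.ip_address("192.168.10.5")}
# Networks that must never reach the PLC, e.g. the customers' Wi-Fi (constructed).
UNTRUSTED_NETWORKS = [ipaddress.ip_network("192.168.50.0/24")]

# Constructed sample log in a simple key=value flow format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=192.168.10.5 dst=192.168.10.20 dport=102 proto=tcp
2024-05-01T10:00:07 src=192.168.10.33 dst=192.168.10.20 dport=102 proto=tcp
2024-05-01T10:00:09 src=192.168.50.17 dst=192.168.10.20 dport=102 proto=tcp
2024-05-01T10:00:12 src=192.168.50.18 dst=192.168.10.20 dport=80 proto=tcp
2024-05-01T10:00:15 src=192.168.10.5 dst=192.168.10.20 dport=80 proto=tcp
2024-05-01T10:00:20 src=192.168.10.33 dst=192.168.10.40 dport=443 proto=tcp
"""


@dataclass(frozen=True)
class Finding:
    timestamp: str
    src: str
    dport: int
    reason: str


def parse_line(line):
    """Split one 'timestamp key=value ...' record into typed fields."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return (ts,
            ipaddress.ip_address(kv["src"]),
            ipaddress.ip_address(kv["dst"]),
            int(kv["dport"]))


def classify(ts, src, dst, dport):
    """Return a Finding for a suspicious flow towards the PLC, else None."""
    if dst != PLC_ADDRESS:
        return None  # not our PLC; out of scope for this check
    if any(src in net for net in UNTRUSTED_NETWORKS):
        # Segmentation failure: the guest network can reach the PLC at all.
        return Finding(ts, str(src), dport, "untrusted network reached PLC")
    if dport in PLC_ENGINEERING_PORTS and src not in ENGINEERING_STATIONS:
        # A LAN host that is not an engineering station is on the programming port.
        return Finding(ts, str(src), dport, "non-engineering host on programming port")
    return None


def audit(log_text):
    """Run classify() over every non-empty log line and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        finding = classify(*parse_line(line))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.timestamp} {f.src} -> PLC:{f.dport}  {f.reason}")
```

On the sample log this reports the unknown LAN host on port 102 and both guest-network hosts, while the engineering station's own traffic and flows to other devices pass. In practice the same rules belong in the firewall between the VLANs, with this kind of audit used to confirm that the separation actually holds.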

The same applies to other machines such as recorders, CCTV, IP cameras, network printers, anti-intrusion systems…

Note that I have brought to my blog the exercises of a course I am taking at Inteco.

Greetings and Geeking.
