Siemens PLC (in-)Security
A lot of people think that PLC security is really high. That is something we have heard continuously, year after year, and it has become part of the current collective thinking.
The reality, as always, is less ideal. Siemens PLCs are devices that were not designed to operate in an insecure environment. So if you have access to the network where the PLC is operating, you can do whatever you want with that PLC.
As an example, in 10 minutes you can get a quick overview of targets around the world with Siemens PLCs connected to the Internet (in one way or another).
The information you can get directly from the Internet is the basic information of each target. That information is enough to mount a direct attack without losing a minute.
For example, this is the information for one of the more than 2,000 targets listed above:
I have obviously hidden the IP in this example so as not to give people bad ideas.
Once we have the IP and know exactly the CPU type (in this case a CPU 315-2), we can perform any operation on that PLC. Some examples of the operations I can carry out on this PLC:
- Stop the PLC
- Reset or delete any module
- Change the program or the data running on the PLC
- Debug the PLC
- Change the memory of the PLC
In summary, the PLC is completely compromised.
To be clear, many companies do not have a clear picture of the different IoT devices on their network, which are perfect targets for any attacker with the right knowledge. If, in addition, those devices are directly connected to the Internet, you are compromising business processes as well as, at a minimum, putting the security of your facilities at risk.
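As an added example (not from the original post), here is a defender-side monitor that decodes S7comm request frames seen on the PLC network and flags the operation classes listed above. The function-code names follow the public Wireshark s7comm dissector; the HIGH_RISK set, the IP addresses and the two frames are constructed assumptions, not real captures.

```python
import struct

# S7comm Job function codes as named by the public Wireshark s7comm dissector.
S7_FUNCTIONS = {
    0x04: "Read Var", 0x05: "Write Var (change PLC memory)",
    0x1A: "Request Download (change program)", 0x1B: "Download Block",
    0x1C: "Download Ended", 0x1D: "Start Upload (read program)",
    0x1E: "Upload", 0x1F: "End Upload",
    0x28: "PLC Control (start / restart)", 0x29: "PLC Stop",
    0xF0: "Setup Communication",
}
# Assumption: these are the codes that change PLC state and deserve a HIGH alert.
HIGH_RISK = {0x05, 0x1A, 0x1B, 0x1C, 0x28, 0x29}

def parse_s7_request(frame):
    """Decode TPKT / COTP / S7comm and return the Job function code, or None."""
    if len(frame) < 7 or frame[0] != 0x03:                 # TPKT version byte
        return None
    if struct.unpack(">H", frame[2:4])[0] != len(frame):   # TPKT length must match
        return None
    s7 = frame[5 + frame[4]:]                              # skip COTP by its length byte
    if len(s7) < 11 or s7[0] != 0x32 or s7[1] != 0x01:     # protocol id 0x32, ROSCTR Job
        return None
    if struct.unpack(">H", s7[6:8])[0] < 1:                # parameter length
        return None
    return s7[10]                                          # first parameter byte = function

def classify(src, dst, frame):
    """Return an alert dict for one S7comm request, or None for non-S7 traffic."""
    func = parse_s7_request(frame)
    if func is None:
        return None
    return {"src": src, "dst": dst,
            "function": S7_FUNCTIONS.get(func, f"unknown 0x{func:02x}"),
            "severity": "HIGH" if func in HIGH_RISK else "INFO"}

# Constructed sample frames (not real captures): a PLC Stop request and a Read Var.
SAMPLES = [
    ("10.0.0.5", "10.0.0.20", bytes.fromhex(
        "03000022" "02f080" "32010000000100110000"
        "29" "0000000000" "0009" "505f50524f4752414d")),   # trailing bytes: 'P_PROGRAM'
    ("10.0.0.7", "10.0.0.20", bytes.fromhex(
        "0300001f" "02f080" "320100000002000e0000"
        "0401" "120a10020001000083000000")),
]

def alerts(samples=SAMPLES):
    """Run the classifier over captured (src, dst, frame) tuples."""
    return [a for a in (classify(*s) for s in samples) if a]

if __name__ == "__main__":
    for alert in alerts():
        print(alert)
```

Point this at frames captured on TCP port 102 and the HIGH entries are exactly the operations the list above says an attacker on the network can perform.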