I'm pleased to announce our new paper has been published! This work discusses a technique, and subsequently presents a proof of concept, for scanning for vulnerabilities within PLC control logic. As I've mentioned through numerous talks and work recently, traditional enterprise focused reconnaissance, enumeration, and vulnerability scanning techniques are inadequate against OT and provide very little information on OT-specific vulnerabilities. This tool goes further than typical network scanning to understand where the control logic itself may have vulnerabilities. Read the paper here:

https://www.sciencedirect.com/science/article/pii/S0167404823000263

We hope this work is just the first step in tooling to improve the state of in-PLC vulnerabilities and PLC programming practices, greatly reducing the exploitability of OT moving forward.

#otcybersecurity #icscybersecurity #icssecurity #plcprogramming #cybersecurity

.@seeedstudio EdgeBox-ESP-100 #ESP32-S3 controller can be programmed with the ESP-IDF framework and will soon be supported by Codesys and OpenPLC. #industrial #PLC #PLCprogramming #scada
https://www.cnx-software.com/2022/12/21/edgebox-esp-100-esp32-s3-industrial-controller-with-rs485-can-bus-dio-4g-lte/

Original tweet : https://twitter.com/cnxsoft/status/1605475408966692864