Jonathan D. Abolins · @JonAbolins
19 followers · 142 posts · Server infosec.exchange

«A Widespread Logic Controller Flaw Raises the Specter of Stuxnet»
More than 120 models of Siemens’ S7-1500 PLCs contain a serious vulnerability—and no fix is on the way. wired.com/story/siemens-s7-150

#stuxnet #ics #scada #icssecurity #plcs

Last updated 3 years ago

cynicalsecurity · @cynicalsecurity
986 followers · 3743 posts · Server bsd.network

R. Ma et al., "Towards Comprehensively Understanding the Run-time Security of Programmable Logic Controllers: A 3-year Empirical Study"¹

Programmable Logic Controllers (PLCs) are the core control devices in Industrial Control Systems (ICSs), which control and monitor the underlying physical plants such as power grids. PLCs were initially designed to work in a trusted industrial network, which however can be brittle once deployed in an Internet-facing (or penetrated) network. Yet, there is a lack of systematic empirical analysis of the run-time security of modern real-world PLCs. To close this gap, we present the first large-scale measurement on 23 off-the-shelf PLCs across 13 leading vendors. We find many common security issues and unexplored implications that should be more carefully addressed in the design and implementation. To sum up, 1) the unsupervised logic applications can cause system resource/privilege abuse, which gives adversaries new means to hijack the control flow of a runtime system remotely (without exploiting memory vulnerabilities); 2) the improper access control mechanisms bring many unauthorized access implications; 3) the proprietary or semi-proprietary protocols are fragile regarding confidentiality and integrity protection of run-time data. We empirically evaluated the corresponding attack vectors on multiple PLCs, which demonstrates that the security implications are severe and broad. Our findings were reported to the related parties responsibly, and 20 bugs have been confirmed with 7 assigned CVEs.

__
¹ arxiv.org/abs/2212.14296

#researchpapers #arxiv #scada #ics #plcs

Last updated 3 years ago

Mx. Dahlia · @DahliaRedux
34 followers · 68 posts · Server mastodon.world

I mean, I 'can' do to a certain level... I worked as a maintenance engineer in industry for a while, I know 1990s , basic industrial I can replace components, I can build a and work my way around on 90s builds. I can use and a

I'm just not hot on the side of things. I can do 'settings' 🤣

#tech #plcs #Programmablelogiccontrollers #instrumentation #electrics #electronic #pc #dos #synths #daw #sequencer #software

Last updated 3 years ago

- is evolving and Kyiv is winning.
@ITArmyUKR
targets and hit every day with . Moscow hackers have too many targets and are less effective. H/T
@Cyberknow20
difesaesicurezza.com/en/cyber-

#InfoSec #CyberSecurity #DDoS #OpRussia #Anonymous #plcs #scada #cyberwarfare #Russia #Ukraine

Last updated 3 years ago