Investigating Current PLC Security Issues Regarding Siemens S7 Communications and TIA Portal

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)


Abstract

Programmable Logic Controllers (PLCs) are the essential components in many Industrial Control Systems that control physical processes. However, in recent years the security flaws of these devices have come under scrutiny, particularly since the widely discussed Stuxnet attack. To help the industry state of the art move forward and to provide the information required to improve the security of these controllers, this work investigates potential exploits of the Siemens S7-1211C controllers and the Totally Integrated Automation (TIA) engineering software. Using WinDbg and Scapy, the anti-replay mechanism of the Siemens proprietary communication protocol, S7CommPlus, and the Profinet Discovery and Basic Configuration Protocol are found to be vulnerable. Attacks such as session stealing, phantom PLC, cross-connecting controllers and denial of S7 connections are demonstrated. The lack of authentication, and the consequent exploitation, of the S7-ACK packet, an application-layer packet of the S7CommPlus protocol, is highlighted as a key issue in this investigation.
Original language: English
Title of host publication: 5th International Symposium for ICS & SCADA Cyber Security Research 2018: Proceedings
Publisher: BCS
Pages: 67-73
Number of pages: 7
DOIs
Publication status: Published - Aug 2018
Event: 5th International Symposium for ICS & SCADA Cyber Security Research 2018 - Hamburg, Germany
Duration: 28 Aug 2018 to 30 Aug 2018

Conference

Conference: 5th International Symposium for ICS & SCADA Cyber Security Research 2018
Country: Germany
City: Hamburg
Period: 28/08/2018 to 30/08/2018
