Penetration Testing mailing list archives
Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7
From: "Patrick Coomans" <Patrick.Coomans () 4all be>
Date: Fri, 28 Sep 2001 19:25:32 +0200
Have you already tried launching a DoS attack against an Allen Bradley PLC? I only have Simatic PLCs here with me to play with. Thx, Patrick
"Nasir Farhat Khan" <nasir () instecdigital com> 28/09/01 07:52 >>>
If the PLC is on TCP/IP you can check whether it supports SNMP. Some of the PLCs use SNMP for management. We have seen Allen Bradley devices popping up with SNMP management turned up on one of our pentests.

One more possibility is that you can get hold of the PC programs that are used to program the PLCs, i.e. the Loader or Ladder Logic/Graphic programming; since most of the PLCs have little or no authentication barriers in terms of login names and passwords you can get hold of the running configuration etc.

IMPORTANT: DO NOT TRY this in a production environment. PLCs are used to control production equipment (machinery) and consequences can be very dangerous and life threatening.

Nasir Farhat Khan
nasir () instecdigital com
Instec Digital Systems - PAKISTAN
www.instecdigital.com

----- Original Message -----
From: "Patrick Coomans" <Patrick.Coomans () 4all be>
To: <pen-test () securityfocus com>
Sent: Tuesday, September 25, 2001 11:14 PM
Subject: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7

I have a project for which I will have to pen-test Siemens PLCs that drive production processes and do data acquisition. Is there anyone who has literature on this or done this before? The PLCs use TCP/IP so that will be the first thing I will go for, but most of the PLCs are simply connected to a proprietary bus system (e.g. Interbus) which in turn is connected to a PC. So attacking the "Data Acquisition and Visualisation PC" as a backdoor to the PLC would be my second option.

Thanks, Patrick

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service.
For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
----------------------------------------------------------------------------
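Nasir's first suggestion is to check whether the PLC answers SNMP at all. The script below is an added example and not code from this thread or from any vendor: it hand-builds an SNMPv1 GetRequest for sysDescr.0 in BER and parses the GetResponse, so the probe runs with nothing but the Python standard library. The target host and the community string "public" are assumptions; the reply used in the self-check is constructed in the script, not captured from any PLC. As the post says, point it only at lab equipment, never at a production controller.

```python
# Added example (not from the thread): dependency-free SNMPv1 sysDescr.0 probe.
# Target host/community are assumptions; the reply in __main__ is constructed.
import socket

SYS_DESCR_OID = (1, 3, 6, 1, 2, 1, 1, 1, 0)   # RFC 1213 system.sysDescr.0

def ber_len(n):
    """BER length octets: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def encode_int(v):
    """INTEGER with minimal two's-complement length."""
    n = max(1, (v.bit_length() + 8) // 8)
    return tlv(0x02, v.to_bytes(n, "big", signed=True))

def encode_oid(oid):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    out = bytearray([40 * oid[0] + oid[1]])
    for arc in oid[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def decode_oid(raw):
    arcs, cur = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return tuple(arcs)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def build_message(community, pdu_tag, oid, value_tlv, request_id):
    """Message ::= SEQ { version 0, community, PDU { reqid, err, errindex, varbinds } }."""
    varbind = tlv(0x30, encode_oid(oid) + value_tlv)
    pdu = tlv(pdu_tag, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, varbind))
    return tlv(0x30, encode_int(0) + tlv(0x04, community.encode()) + pdu)

def build_get_request(community, oid, request_id=0x1234):
    return build_message(community, 0xA0, oid, tlv(0x05, b""), request_id)  # NULL value

def build_get_response(community, oid, text, request_id=0x1234):
    # Only used to fabricate a reply so the parser can be exercised offline.
    return build_message(community, 0xA2, oid, tlv(0x04, text.encode()), request_id)

def parse_get_response(packet):
    """Pull community, error-status and the first varbind out of a GetResponse."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _version, p = read_tlv(msg, 0)
    _, community, p = read_tlv(msg, p)
    pdu_tag, pdu, _ = read_tlv(msg, p)
    if pdu_tag != 0xA2:
        raise ValueError("PDU tag 0x%02x is not GetResponse" % pdu_tag)
    _, rid, p = read_tlv(pdu, 0)
    _, err, p = read_tlv(pdu, p)
    _, _idx, p = read_tlv(pdu, p)
    _, varbinds, _ = read_tlv(pdu, p)
    _, vb, _ = read_tlv(varbinds, 0)
    _, oid_raw, q = read_tlv(vb, 0)
    vtag, val, _ = read_tlv(vb, q)
    return {
        "request_id": int.from_bytes(rid, "big", signed=True),
        "community": community.decode(errors="replace"),
        "error_status": int.from_bytes(err, "big", signed=True),
        "oid": decode_oid(oid_raw),
        # OCTET STRING decoded as text; any other type returned as hex
        "value": val.decode(errors="replace") if vtag == 0x04 else val.hex(),
    }

def probe(host, community="public", timeout=2.0):
    """Send one GetRequest to UDP/161; return the parsed reply, or None on silence."""
    req = build_get_request(community, SYS_DESCR_OID)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (host, 161))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_get_response(data)

if __name__ == "__main__":
    import sys
    fake = build_get_response("public", SYS_DESCR_OID, "constructed test agent")
    print(parse_get_response(fake))           # offline self-check on constructed bytes
    if len(sys.argv) > 1:                     # e.g. 192.0.2.10, a lab host (assumption)
        print(probe(sys.argv[1]))
```

A reply with error_status 0 to the default community means the device hands out read access with no authentication beyond a cleartext string, which is exactly the "little or no authentication barriers" situation described above; a timeout proves nothing, since the agent may simply be bound to a different community or filtered.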
Current thread:
- Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7 Patrick Coomans (Sep 28)
- Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7 Ted Doty (Sep 29)
- Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5orS7 Nasir Farhat Khan (Sep 29)