Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5orS7

["Nasir Farhat Khan" <nasir () instecdigital com>]

IMPORTANT:

DO NOT TO TRY this in a production environment. PLCs are used to control
production equipment (machinery) and consequences can be very dangerous and
life threatenting.

My apologies for repeating the warning message. Unlike the PC servers and
network equipment malfunction in PLCs and control equipment can be quite
devastating. Most of the time Control System networks are segregated from
office network just because of this reason.

Most PLCs and their Communication processors have very little CPU memory so
it would be fairly easy to do a DoS with a result that it wont be able to
update the GUI with current values or it may simply go down.

In control systems "Loss of View" condition where operators are unable to
view
plant data is seen as a very "Critical Situation".

I checked the S5 datasheets on the inernet and it seems that it does support
TCP/IP and SNMP. In addition to this it also supports RS485 (which is a
multidrop network and can connect to multiple nodes, including your notebook
containing programming software).

Nasir
nasir () instecdigital com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/