Penetration Testing mailing list archives

Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7

From: "Nasir Farhat Khan" <nasir () instecdigital com>
Date: Fri, 28 Sep 2001 10:52:18 +0500

If the PLC is on TCP/IP you can check whether it supports SNMP. Some of the
PLCs use SNMP for management. We have seen Allen Bradley
devices popping up with SNMP management turned up on of our pentests.

One more possiblity is that you can get hold of the PC programs that are
used to program the PLCs i.e. the Loader or Ladder Logic/Graphic programming
since most of the PLCs have little or no authentication barriers in terms of
login names and passwords you can get hold of the running configuration etc.

IMPORTANT:

DO NOT TO TRY this in a production environment. PLCs are used to control
production equipment (machinery) and consequences can be very dangerous and
life
threatenting.

Nasir Farhat Khan
nasir () instecdigital com
Instec Digital Systems - PAKISTAN

www.instecdigital.com


----- Original Message -----
From: "Patrick Coomans" <Patrick.Coomans () 4all be>
To: ">" <@securityfocus.com <pen-test () securityfocus com>
Sent: Tuesday, September 25, 2001 11:14 PM
Subject: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7


I have a project for which I will have to pen-test Siemens PLC's that drive
production processes and do data aquisition.

Is there anyone who has literature on this or done this before?

The PLC's use TCP/IP so that will be the first thing I will go for, but most
of the PLC's are simply connected to a propriary bus system (e.g. Interbus)
which in turn is connected to a PC.  So attacking the "Data Aquisition and
Visualisation PC" as a backdoor to the PLC would be my second option.

Thanks,
Patrick



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 or S7 Patrick Coomans (Sep 25)
- Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7 Nasir Farhat Khan (Sep 28)