logo

Hacking PLCs and Causing Havoc on Critical Infrastructures

Conference:  Defcon 26

2018-08-01

Summary

The presentation discusses the vulnerabilities of Programmable Logic Controllers (PLCs) used in critical infrastructures and demonstrates attacks against different brands of PLCs, including two vulnerabilities discovered by the presenter.
  • PLCs are used in various industrial plants, including critical infrastructures, but little care was taken to raise defenses against potential cyber threats
  • The presenter discusses the architecture of a PLC and how it can be hacked
  • Live demonstration attacks against 3 different brands of PLCs are shown, including two vulnerabilities discovered by the presenter affecting the Rockwell MicroLogix 1400 series and the Schneider Modicon M221 controllers
  • The presenter warns against sending deadly packets to PLCs, which can cause them to crash and become unrecoverable
  • The presenter advises against sending corrupted applications to PLCs, as it can render them useless
The presenter demonstrates how a PLC can be killed remotely by sending a bad Modbus packet, causing a buffer overflow and crashing the device. The device becomes unrecoverable even after power cycling and can only be fixed by reprogramming it with the latter logic. This vulnerability affects all MicroLogix 1400 series PLCs and should not be sent on the wild due to the high number of these PLCs in use.

Abstract

Programmable Logic Controllers (PLCs) are devices used on a variety of industrial plants, from small factories to critical infrastructures like nuclear power plants, dams and wastewater systems. Although PLCs were made robust to sustain tough environments, little care was taken to raise defenses against potential cyber threats. As a consequence, threats started pouring in and causing havoc. During this presentation I will talk about the architecture of a PLC and how it can be p0wned. There will be some live demonstration attacks against 3 different brands of PLCs (if the demo demons allow it, if not I will just show a video). Additionally, I will demonstrate two vulnerabilities I recently discovered, affecting the Rockwell MicroLogix 1400 series and the Schneider Modicon M221 controllers.

Materials:

Tags: