‘Evil PLC’ Could Turn PLCs Into Attack Vectors

 

When one thinks of someone hacking a programmable logic controller, one usually think of the PLC as the end objective of the assault. Adversaries use other systems to get at what will eventually allow them to cause industrial damage. 
However, a Claroty Team 82 DefCon presentation asks the following question: what if someone exploited a PLC as a vector rather than the destination? The researchers feel that the “Evil PLC” attack scenario is novel: infecting every engineer who interfaces with a PLC with malicious malware. 
Claroty revealed a series of 11 additional vendor-specific vulnerabilities that would allow the attack as proof of concept. These flaws have been discovered in Ovarro TBOX, B&R (ABB) X20 System, Schneider Electric Modicon M340 and M580, GE MarkVIe, Rockwell Micro Control Systems, Emerson PACSystems and Xinje XDPPro platforms. All but the Emerson were issued CVEs. Claroty came up with the notion after trying to learn more about the opponents that attack their honeypots.
“We asked ourselves, how can we actively attack the attackers? We don’t know anything about them. We cannot find them,” said Claroty director of research Sharon Brizinov. “And then we kind of had a eureka moment and we thought, okay, what if the PLC was to be weaponized?”
Claroty used a ZipSlip attack against vendors (Emerson, Ovarro, B&R, GE,

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article:

Liked it? Take a second to support IT Security News on Patreon!
Become a patron at Patreon!