PLC Code-Level Vulnerabilities

Serhane, Abraham; Raad, Mohamad; Raad, Raad; Susilo, Willy

doi:10.1109/comapp.2018.8460287

Cited by 19 publications

(12 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By that operators would not notice the problem since a malicious code is going stealthy and unnoticed way; i.e. recognizing threats after the damage occurs [17]. • Fake outcomes: occurs when PLC code skips certain rungs or parameters; e.g.…”

Section: Plc Code Vulnerabilitiesmentioning

confidence: 99%

“…8, if they are duplicated in more than one rung, their values will be unpredictable, affecting the logic code and the process controlled by it. Also, that will make it harder to debug the code and find or identify the problem [17]. • Unused tags: defining tags in the controller database that are not used in the logic could increase the level of threats; especially if the tags are not driven by a well-defined ladder logic.…”

Section: Plc Code Vulnerabilitiesmentioning

confidence: 99%

“…Fig. 9 shows a way to correct such scenario; making sure Outputs instructions are properly energized [17] the value of Y2 is driven by clear well-defined logic [17] (Fig. 10).…”

Section: Plc Code Vulnerabilitiesmentioning

confidence: 99%

“…Fig. 13 shows a solution to protect "SourceB" value by constantly moving the real-time value of the counter into it [17] (Fig. 14).…”

Section: Plc Code Vulnerabilitiesmentioning

confidence: 99%

“…DeviceNet bus with scanner reduces wiring[16] Duplicating OTE operand[17] The logic is missing related inputs that feed Y2[17] …”

mentioning

confidence: 99%

See 4 more Smart Citations

Programmable logic controllers based systems (PLC-BS): vulnerabilities and threats

Serhane

Raad

et al. 2019

SN Appl. Sci.

Self Cite

View full text Add to dashboard Cite

This paper provides a review of the state-of-the-art of major Programmable Logic Controller (PLC) based devices along with their security concerns. It discusses, mainly, the threats and vulnerabilities of PLCs and associated field devicesincluding local industrial networks. As PLC-BS are becoming more integrated and interconnected with other complex systems and open source solutions, they are becoming more vulnerable to critical threats and exploitations. Little attention and progress have been made in securing such devices if compared to that of securing overall Industrial Control Systems. This review shows the fact that major PLC based devices have several vulnerabilities and are insecure by design-firmware, code, or hardware. This paper suggests policies, recommendations, and countermeasures to secure PLC-BS. Securing PLC-BS is vital and crucial since a compromised PLC-BS would lead to significant financial loss and safety risks that could endanger human lives or the environment.

show abstract

Section: Plc Code Vulnerabilitiesmentioning

confidence: 99%

Section: Plc Code Vulnerabilitiesmentioning

confidence: 99%

“…Fig. 9 shows a way to correct such scenario; making sure Outputs instructions are properly energized [17] the value of Y2 is driven by clear well-defined logic [17] (Fig. 10).…”

Section: Plc Code Vulnerabilitiesmentioning

confidence: 99%

“…Fig. 13 shows a solution to protect "SourceB" value by constantly moving the real-time value of the counter into it [17] (Fig. 14).…”

Section: Plc Code Vulnerabilitiesmentioning

confidence: 99%

“…DeviceNet bus with scanner reduces wiring[16] Duplicating OTE operand[17] The logic is missing related inputs that feed Y2[17] …”

mentioning

confidence: 99%

See 3 more Smart Citations

Programmable logic controllers based systems (PLC-BS): vulnerabilities and threats

Serhane

Raad

et al. 2019

SN Appl. Sci.

Self Cite

View full text Add to dashboard Cite

show abstract

Validation of ICS Vulnerability Related to TCP/IP Protocol Implementation in Allen-Bradley Compact Logix PLC Controller

Pavesi

Villegas

Perepechko³

et al. 2019

Communications in Computer and Information Science

View full text Add to dashboard Cite

Industrial Control Systems (ICS) research and testing process was implemented to validate the existence of a well known security vulnerability in a Rockwell Automation Allen-Bradley Compact Logix PLC controller. The study was conducted considering a public advisory from the manufacturer, which includes a large list of families of affected products by the vulnerability. The established hypothesis of the study considered the existence of the vulnerability in a specific available PLC model, included by Rockwell Automation manufacturer in the list of affected products. An exploit was developed and multiple testing was performed to trigger the vulnerability.Testing methodology and results indicates there is sufficient evidence to establish that Rockwell Automation Allen-Bradley Compact Logix 5370 L2 controllers, are not affected by the same type of Improper Input Validation vulnerability, than the Compact Logix 5370 L3 controllers, as it was stated by the manufacturer in a public advisory.

show abstract

Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems

Sudheerbabu,

Ahmad,

Truscan

et al. 2023

CyberSecurity in a DevOps Environment

View full text Add to dashboard Cite

PLC Code-Level Vulnerabilities

Cited by 19 publications

References 3 publications

Programmable logic controllers based systems (PLC-BS): vulnerabilities and threats

Programmable logic controllers based systems (PLC-BS): vulnerabilities and threats

Validation of ICS Vulnerability Related to TCP/IP Protocol Implementation in Allen-Bradley Compact Logix PLC Controller

Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems

Contact Info

Product

Resources

About