Fuzzing and Breaking Security Functions of SIMATIC PLCs

Explore advanced techniques for exploiting vulnerabilities in Siemens S7-1500/S7-1200 PLCs in this 29-minute Black Hat conference presentation. Delve into cracking TLS secure communication protocols, conducting security protocol fuzzing tests, and analyzing high-risk vulnerabilities. Learn how to create a rogue engineer station capable of controlling S7-1500 PLCs with the latest firmware, enabling sensitive operations like run, stop, project upload, and control logic modification. Discover the process of designing and implementing fuzzing for TLS secure communication protocols, and utilize fuzzing tools to uncover S7+ crash vulnerabilities. Gain insights into the workflow of TLS secure communication protocols, certificate usage and storage, and their relationship with the S7CommPlus protocol.