Overview
Explore the intricacies of hacking Mitsubishi PLCs without firmware access in this 39-minute conference talk from Nullcon Goa 2023. Delve into the challenges faced when analyzing undocumented proprietary network protocols and discover innovative techniques for reconstructing protocols and finding vulnerabilities. Learn how documentation of similar protocols, error codes, vendor utilities, PLC simulators, and brute-force methods can be leveraged to piece together crucial information. Gain insights into the discovery of multiple CVEs, with a detailed focus on CVE-2022-25161 and CVE-2022-25162. Understand the potential impact of these vulnerabilities on industrial systems and broaden your knowledge of firmware analysis, Mitsubishi PLCs, and industrial cybersecurity.
Syllabus
Hacking Mitsubishi PLC Without Access To Firmware by Anton Dorfman | Nullcon Goa 2023
Taught by
nullcon