Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

ICS SCADA Security Analysis of a Beckhoff CX5020 PLC

nullcon via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a conference talk on ICS SCADA security analysis of the Beckhoff CX5020 PLC, presented at nullcon Goa 2015. Delve into the vulnerabilities of this modern PLC, which runs on a customized Windows CE 6.0 and uses Industrial Ethernet (EtherCat) for communication. Discover how rights to control the PLC program and operating system can be obtained without extensive penetration testing knowledge. Examine the challenges of securing ICS systems as standard platforms and TCP/IP-encapsulated SCADA protocols introduce hidden features and potential risks. Learn about the design and structure of SCADA systems, TwinCAT devices, and system control on the CX5020. Investigate security analysis results, including vulnerabilities in Telnet, webserver virtual directory, and SCADA services. Understand the ADS search process for devices, creation of ADS routes, and complete message flow. Explore possible attacks, including those on mschapv2, and gain insights into advisory recommendations for suppliers in the industrial control systems sector.

Syllabus

Introduction
Security of SCADA devices
Design and Structure of a SCADA system
Operating system
TwinCAT Devices
System Control on CX5020
Security Analysis Results
Telnet
Webserver: Virtual Directory
SCADA Service
Test Setup
ADS Search for Devices
Search Devices
Creation of an ADS route
Complete Message Flow
Possible Attacks
Attack mschapv2
Advisory for Suppliers

Taught by

nullcon

Reviews

Start your review of ICS SCADA Security Analysis of a Beckhoff CX5020 PLC

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.