Explore a conference talk on ICS SCADA security analysis of the Beckhoff CX5020 PLC, presented at nullcon Goa 2015. Delve into the vulnerabilities of this modern PLC, which runs on a customized Windows CE 6.0 and uses Industrial Ethernet (EtherCat) for communication. Discover how rights to control the PLC program and operating system can be obtained without extensive penetration testing knowledge. Examine the challenges of securing ICS systems as standard platforms and TCP/IP-encapsulated SCADA protocols introduce hidden features and potential risks. Learn about the design and structure of SCADA systems, TwinCAT devices, and system control on the CX5020. Investigate security analysis results, including vulnerabilities in Telnet, webserver virtual directory, and SCADA services. Understand the ADS search process for devices, creation of ADS routes, and complete message flow. Explore possible attacks, including those on mschapv2, and gain insights into advisory recommendations for suppliers in the industrial control systems sector.
ICS SCADA Security Analysis of a Beckhoff CX5020 PLC
Overview
Syllabus
Introduction
Security of SCADA devices
Design and Structure of a SCADA system
Operating system
TwinCAT Devices
System Control on CX5020
Security Analysis Results
Telnet
Webserver: Virtual Directory
SCADA Service
Test Setup
ADS Search for Devices
Search Devices
Creation of an ADS route
Complete Message Flow
Possible Attacks
Attack mschapv2
Advisory for Suppliers
Taught by
nullcon
Related Courses
-
The Year in Which We Cannot Ignore SCADA
-
Securing ICS-SCADA Systems
-
The Sum of All Fears - When ICS - SCADA Are Compromised
-
100 Bugs in 100 Days - An Analysis of ICS - SCADA Software
-
Exfiltrating Reconnaissance Data from Air-Gapped ICS - SCADA Networks
-
Red Team vs. Blue Team Exercises for ICS - SCADA Security
