Explore a comprehensive analysis of security vulnerabilities in Siemens industrial control systems, focusing on Simatic S7 PLCs and their communication with engineering stations and SCADA HMIs. Delve into the architecture's claimed security measures against sophisticated attacks, and uncover how even the latest versions remain susceptible to exploitation. Examine the S7 protocol, program cycle objects, and cryptographic primitives used in these systems. Learn about reverse engineering techniques, runtime type information, and witness a demonstration of potential attack vectors. Gain insights into the implications of these vulnerabilities for industrial cybersecurity and the ongoing challenges in securing critical infrastructure against evolving threats.
Rogue7 - Rogue Engineering-Station Attacks on S7 Simatic PLCs
Overview
Syllabus
Intro
Overview
The PLC
Stuxnet
Engineering Workstation
S7 1500
S7 1200
S7 Protocol
S7 Ring
Program Cycle Object
Two Simple Programs
Malicious Program
Legal Flow
Description
Setup Phase
Raw Engineering Station
Conclusion
Cryptographic Primitive
PLC Public Key
PLC Ring
Reverse Engineering Tips
Runtime Type Information
Demonstration
Taught by
Black Hat
Related Courses
-
Breaking Siemens SIMATIC S7 PLC Protection Mechanism
-
Industrial Control Systems - Pentesting PLCs 101
-
Industrial Control Systems - Pentesting PLCs 101
-
PLC-Blaster - A Worm Living Solely in the PLC
-
A Decade After Stuxnet - How Siemens S7 is Still an Attacker's Heaven
-
PLC-Blaster - A Worm Living Solely in the PLC
