Overview
Explore a comprehensive security analysis of the CODESYS framework for PLC control in this 30-minute conference talk by Alexander Nochvay, Security Researcher at Kaspersky. Delve into Runtime weaknesses, PDU Protocol model disadvantages, and other critical issues affecting industrial cybersecurity. Gain insights into component-based architecture, proprietary protocols, and potential vulnerabilities in the CODESYS ecosystem. Learn about code analysis techniques and potential mitigation strategies for enhancing PLC control security. Access accompanying slides for in-depth visual references and expand your knowledge on industrial cybersecurity through additional resources provided by Kaspersky.
Syllabus
Intro
What is Runtime
Componentbased architecture
Component manager
System components
Unpacking
Proprietary protocol
Protocol stack
Processing
Additional fields
Tree topology
Final service level
Runtime vulnerability
Redirect traffic
UDP broadcast response
What can we do
Code analysis
Conclusion
Taught by
Kaspersky