Explore a comprehensive security analysis of the CODESYS framework for PLC control in this 30-minute conference talk by Alexander Nochvay, Security Researcher at Kaspersky. Delve into Runtime weaknesses, PDU Protocol model disadvantages, and other critical issues affecting industrial cybersecurity. Gain insights into component-based architecture, proprietary protocols, and potential vulnerabilities in the CODESYS ecosystem. Learn about code analysis techniques and potential mitigation strategies for enhancing PLC control security. Access accompanying slides for in-depth visual references and expand your knowledge on industrial cybersecurity through additional resources provided by Kaspersky.
The Fall of CODESYS - Researching Security of the Framework for PLC Control
Overview
Syllabus
Intro
What is Runtime
Componentbased architecture
Component manager
System components
Unpacking
Proprietary protocol
Protocol stack
Processing
Additional fields
Tree topology
Final service level
Runtime vulnerability
Redirect traffic
UDP broadcast response
What can we do
Code analysis
Conclusion
Taught by
Kaspersky
Related Courses
-
Hacking Mitsubishi PLC Without Access To Firmware
-
PLC-Blaster - A Worm Living Solely in the PLC
-
Process Control Through Counterfeit Comms - Using and Abusing Built-In Functionality to Own a PLC
4.0 -
ICS SCADA Security Analysis of a Beckhoff CX5020 PLC
-
Going Deeper Into Schneider Modicon PAC Security
-
Rogue7 - Rogue Engineering-Station Attacks on S7 Simatic PLCs
