Process Control through Counterfeit Comms

Explore the vulnerabilities of Programmable Logic Controllers (PLCs) in industrial settings through this BruCON Security Conference talk. Delve into the investigation of a well-known PLC, uncovering methodologies for discovering weaknesses and demonstrating how combining minor vulnerabilities can lead to complete device takeover. Learn about PLC communication protocols, device configuration, and the potential risks associated with SNMP enablement. Discover techniques for rebooting PLCs, manipulating memory modules, and creating modified firmware. Gain insights into the impact of these vulnerabilities on industrial control systems and the importance of securing critical infrastructure against malicious actors.

Intro
INTRODUCTION
PROJECT ORIGIN
PROJECT GOALS
PLC - MICROLOGIX 1400
PLC - KEYSWITCH STATES
PLC - COMMUNICATION PROTOCOLS
PLC - PCCC STRUCTURE
PLC - DEVICE CONFIGURATION
ENABLING SNMP - REASONS & REQUIREMENTS
ENABLING SNMP - GET CURRENT CONFIG
ENABLING SNMP - REBUILD CONFIG
REBOOTING THE PLC - REASONS & REQUIREMENTS
REBOOTING THE PLC - CRASH RECOVERY
MEMORY MODULE - REASONS & REQUIREMENTS
MEMORY MODULE - LOAD ON ERROR
MEMORY MODULE - WRITE NEW CONFIG
MEMORY MODULE - CONFIG VERIFICATION
MEMORY MODULE - STORE PROGRAM
MODIFIED FIRMWARE - CREATION
FLASHING FIRMWARE - SNMP BACKDOOR
FLASHING FIRMWARE - SNMP REBOOT
IMPACT