Rogue7 - Rogue Engineering-Station Attacks on S7 Simatic PLCs

Explore a comprehensive analysis of security vulnerabilities in Siemens industrial control systems, focusing on Simatic S7 PLCs and their communication with engineering stations and SCADA HMIs. Delve into the architecture's claimed security measures against sophisticated attacks, and uncover how even the latest versions remain susceptible to exploitation. Examine the S7 protocol, program cycle objects, and cryptographic primitives used in these systems. Learn about reverse engineering techniques, runtime type information, and witness a demonstration of potential attack vectors. Gain insights into the implications of these vulnerabilities for industrial cybersecurity and the ongoing challenges in securing critical infrastructure against evolving threats.

Intro
Overview
The PLC
Stuxnet
Engineering Workstation
S7 1500
S7 1200
S7 Protocol
S7 Ring
Program Cycle Object
Two Simple Programs
Malicious Program
Legal Flow
Description
Setup Phase
Raw Engineering Station
Conclusion
Cryptographic Primitive
PLC Public Key
PLC Ring
Reverse Engineering Tips
Runtime Type Information
Demonstration