Authors: Gregor Bonney; Hans Hoefken; Benedikt Paffen and Marko Schuba
Affiliation: University of Applied Sciences, Germany
Keyword(s): ICS, SCADA, Security, Vulnerability, Beckhoff, CX5020, PLC.
Related Ontology Subjects/Areas/Topics: Communication and Software Technologies and Architectures; Computer-Supported Education; e-Business; Energy and Economy; Enterprise Information Systems; Information Technologies Supporting Learning; Mobile and Pervasive Computing; Security and Privacy; Sustainable Computing and Communications; Telecommunications
Abstract:
A secure and reliable critical infrastructure is a concern of industry and governments. SCADA systems (Supervisory Control and Data Acquisition) are a subgroup of ICS (Industrial Control Systems) and are known to be well interconnected with other networks. It is not uncommon to use public networks as the transport route, but a rising number of incidents involving industrial control systems shows the danger of excessive crosslinking. Beckhoff Automation GmbH is a German automation manufacturer that has had no bad press so far. The Beckhoff CX5020 is a typical PLC (Programmable Logic Controller) used in today's SCADA systems. It is networked via Ethernet and runs a customized Windows CE 6.0; the CX5020 is therefore a good representative of the modern PLCs that have emerged in recent years and that use de facto standard operating systems and open standard communication protocols. This paper presents vulnerabilities of Beckhoff's CX5020 PLC and shows ways to obtain the rights to control the PLC program and the operating system itself. Exploiting these vulnerabilities does not require in-depth knowledge of penetration testing; they demonstrate that switching to standard platforms brings hidden features and that encapsulating SCADA protocols in TCP/IP might not always be a good idea, underlining that securing ICS systems is still a challenging topic.