« Back

Researchers Release New Programmable Logic Controller Vulnerabilities

Security researchers have released new modules found to exploit common design vulnerabilities in programmable logical controllers (PLCs), which are used to control industrial infrastructure. Project Basecamp, a volunteer group whose mission is to expose security holes in industrial control system software, has released the exploits to the Metasploit open platform. Schneider Electric makes the Modicon Quantum programmable logic controllers, which were the focus of the research, says Digital Bond, a private consulting firm that sponsors Project Basecamp. The system can be hacked, they say, because there is no authentication required of any computer that mightcommunicate with it nor are any commands issued to the PLC, which means malicious code could be easily sent to the system. This particular system costs roughly US$10,000 and is used in manufacturing facilities, water and wastewater management plants, oil and gas refineries, and chemical production facilities. The researchers have made two previous releases. Programmable logic controllers are found across a wide range of industries, including controls for critical infrastructure such as power generation and water treatment. The vulnerabilities of PLCs came to the fore in the wake of the Stuxnet worm attacks on nuclear centrifuges in Iran. Digital Bond reportedly said that it released these exploits to demonstrate that vendors, whom they say have long neglected these types of issues, need to provide secure PLCs. (Ars Technica)(Wired)(Threat Post)

Trackback URL: