PLCs are a Hacking Target: Security Help for Manufacturers

Programmable Logic Controllers (PLCs) are a critical component of today’s highly automated manufacturing industry. PLCs are used in a variety of manufacturing processes to increase efficiency, reduce defects, and increase product quality. Unfortunately, PLCs are increasingly coming under attack from cyber criminals. Two recent exploits on PLCs have come to light that may create huge risks to those systems. One involves password cracking and the other uses internet-facing PLCs as an entry point.

Password Cracking

Hackers are using password-cracking software to seize control of PLCs and co-opt the machines into a botnet. CVE-2022-2003 is the specific vulnerability involved: cleartext transmission of sensitive data that could lead to information disclosure and unauthorized changes. This hacking method impacts PLCs, human-machine interfaces (HMIs), and project files from several vendors, including: Automation Direct, Omron, Siemens, ABB Codesys, Delta Automation, Fuji Electric, Mitsubishi Electric, Schneider Electric's Pro-face, Vigor PLC, Weintek, Rockwell Automation's Allen-Bradley, Panasonic, Fatek, IDEC Corporation, and LG.

“Evil PLC”

Yet another PLC attack is in the news. In the attack called “Evil PLC,” attackers may use internet-facing PLCs as an entry point, then pivot to engineering workstations connected to those PLCs and breach the rest of the network. Engineering software from seven manufacturers was noted to be vulnerable: B&R, Emerson, GE, OVARRO, Rockwell Automation, Schneider Electric, and Xinje.

Help and Remediation

While these threats are relatively new, attacks on PLCs have been happening for years. Thankfully, there are a number of steps you can take to protect your environment and reduce your risk:

  • Patching - Make sure your systems are patched and up to date. Utilize a patch management system to help automate this critical process.
  • Vulnerability Management - Implement a risk-based vulnerability management system to identify and prioritize threats in your environment.
  • Internal Network Segmentation - By routing all internal network traffic through a security device, you can monitor and prevent threats from moving laterally through your environment.
  • Encryption - Encrypt traffic between engineering workstations and PLCs to help reduce the cleartext information an attacker may use.
  • Detection and Response - Implement systems that monitor behavior and alert on suspicious activity.

If you have questions about these or other attacks on PLCs, how to find out what machines might be affected, or other questions about security in manufacturing, please reach out. NetWorks Group has been helping manufacturers secure their environments for over 25 years. We have tools and services that can help identify threats like these in your environment and provide risk-informed guidance on remediation and containment.

###

Authored By: Scot Armstrong, Account Manager, NetWorks Group

Publish Date: September 14, 2022