PLC Code-Level Vulnerabilities

Code-level vulnerabilities in the ladder logic of PLCs (Programmable Logic Controllers) have received little attention in the literature. Most research on PLC threats and attacks focuses on the hardware side of ICS (Industrial Control Systems) and SCADA (Supervisory Control and Data Acquisition) systems, such as industrial components, peripheral devices and networks, and does not adequately address vulnerabilities and attacks at the PLC code level. This paper provides an overview of critical vulnerabilities within PLC ladder logic programs and recommends corresponding steps and methods for keeping PLCs safer and more secure. It focuses on ladder logic code vulnerabilities and weak points that malicious attacks might exploit. Those weak points can result from intentionally malicious code embedded within the ladder logic, or from inadvertent flaws such as poor coding practices and human error.
