- About Goa'15
- Blackshield Awards
- Job Fair
- CXO Track
- About Speakers
- Hans Hoefken
FH Aachen, University of Applied Sciences (Germany)
ICS/SCADA SECURITY - ANALYSIS OF A BECKHOFF CX5020 PLC
A secure and reliable critical infrastructure is a concern of industry and governments. SCADA systems are a subgroup of industrial control systems (ICS) and known to be well interconnected with other networks. It is not uncommon to use public networks for transport and a rising number of incidents of ICS shows the danger of excessive crosslinking.
Beckhoff Automation GmbH is a German automation manufacturer that did not have bad press so far. The Beckhoff CX5020 is a typical PLC that is used in today's SCADA systems. It is cross-linked through Industrial Ethernet (EtherCat) and running a customized Windows CE 6.0, therefore the CX5020 is a good representative of modern PLCs which have emerged within the last years that use de facto standard operation systems and open standard communication protocols. This paper presents vulnerabilities of Beckhoff's CX5020 PLC and shows ways to achieve rights to control the PLC program and the operation system itself. These vulnerabilities do not need in-depth knowledge of penetration testing, they demonstrate that switching to standard platforms brings hidden features and encapsulating SCADA protocols into TCP/IP might not always be a good idea - underlining that securing ICS systems is still a challenging topic.