UMASploit | STOP PLC PoC

July 30, 2018 | Written by: Doron Maman

#CRITIFENCE, #Cyber, #Security, #cybersecurity, #SCADA, #ICS, #OT, #IioT, #CI, #Critical, #Infrastructure, #criticalinfrastructure



Proof-of-Concept (PoC): stopping M221 (TM221ME16T) and M340 (BMXP342020) PLCs using the Remote Authentication Bypass vulnerabilities (CVE-2017-6032, CVE-2017-6034 / ICSA-17-101-01 / SEVD-2017-065-01)

A PLC, or Programmable Logic Controller, is a hardware device at the heart of a wide range of critical infrastructure, SCADA and industrial control systems. A PLC receives information from connected sensors or input devices, processes the data, and triggers outputs based on pre-programmed parameters.

Depending on the inputs and outputs, a PLC can monitor and record run-time data such as machine productivity or operating temperature, automatically start and stop processes, generate alarms if a machine malfunctions, and more.

In this PoC we demonstrate the use of the UMASploit PLC Exploitation Framework to STOP the runtime process of a target PLC remotely. This halts the PLC's running process together with its ladder diagram, which executes as part of the PLC runtime process.

The name UMASploit is derived from the UMAS protocol. UMAS is a "secret" kernel-level protocol and administrative control layer used in Unity series PLCs and in Unity OS from version 2.6 (and in other products as well). It relies on the Modicon Modbus protocol, a common protocol in critical infrastructure, SCADA and industrial control systems, and is used to access both unallocated and allocated memory from the PLC to the SCADA system.
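Because UMAS is carried inside ordinary Modbus/TCP frames, a defender can spot administrative traffic such as the STOP command described above by looking at the Modbus function code rather than at the payload. The following added example (not code from the original post or from UMASploit) parses the Modbus/TCP MBAP header and alerts when a UMAS frame arrives from a host that is not an allowlisted engineering workstation; the host addresses and sample frames are constructed for illustration, and the assumption that UMAS uses Modbus function code 0x5A is the one fact taken from outside this page.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Hosts permitted to send UMAS (engineering workstations). Constructed example values.
ALLOWED_ENGINEERING_HOSTS = {"10.0.0.10"}
UMAS_FUNCTION_CODE = 0x5A  # assumption: UMAS is carried on Modbus function code 90 (0x5A)


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    payload: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusFrame:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header, then the PDU (function code + data)."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (Modbus)")
    # MBAP length counts the unit id and the whole PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return ModbusFrame(tid, unit, frame[7], frame[8:])


def check_frame(src_ip: str, frame: bytes) -> Optional[str]:
    """Return an alert string for UMAS traffic from a non-allowlisted host, else None."""
    try:
        f = parse_modbus_tcp(frame)
    except ValueError as err:
        return f"malformed Modbus/TCP from {src_ip}: {err}"
    if f.function_code == UMAS_FUNCTION_CODE and src_ip not in ALLOWED_ENGINEERING_HOSTS:
        return (f"UMAS (function code 0x5A) from unauthorised host {src_ip} "
                f"to unit {f.unit_id}, payload {f.payload.hex()}")
    return None


# Constructed sample frames: a plain Read Holding Registers request (fc 0x03)
# and a UMAS request (fc 0x5A) with an arbitrary two-byte payload.
READ_HOLDING = bytes.fromhex("000100000006" "01" "03" "000A0002")
UMAS_REQ = bytes.fromhex("000200000004" "01" "5A" "0002")

if __name__ == "__main__":
    for src, frame in [("10.0.0.10", UMAS_REQ), ("10.0.0.99", UMAS_REQ), ("10.0.0.99", READ_HOLDING)]:
        print(src, "->", check_frame(src, frame))
```

Run as-is it prints one alert, for the UMAS frame from 10.0.0.99; in practice the allowlist would come from the asset inventory and the frames from a network tap on TCP port 502.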








For more information about the CRITIFENCE® Cyber Security Solution for Critical Infrastructure, SCADA and Industrial Control Systems and the SCADADome solution, download the SCADADome Solution White Paper.