Reversing Industrial Protocols – Real World Use Cases
2018-12-28, 17:30–18:30, ChaosZone Stage @ 35c3
Language: English

Most PLC protocols are old (older than the entire Ethernet protocol) and by their very nature insecure. I will not be discussing the “known” industrial protocols, such as S7comm, TwinCAT and Modbus/TCP etc., in great detail, but rather the lesser known variants that are used to actually control and/or configure these devices.

Almost every single use case and demonstration during this session is actually a zero day and will remain a zero day. Since it is a “normal” use of the (unauthenticated) protocols, and these devices remain untouched for 20 to 30 years, it is practically impossible to “update the protocols” without closing down a million dollar factory for roughly a year.

We will demonstrate vulnerabilities on Siemens and Beckhoff PLCs, both patched and unpatched (as part of the protocol).