Can RSLogix be used to emulate an AB PLC

kihtrak

Hello there,
Is it possible to use the RSLogix series to actually emulate an Allen Bradley PLC?
To touch base, we're trying to find the vulnerabilities in the (communication) protocols followed by AB PLC. So, can we use RSLogix to accomplish what we intend to?
If not, could you also please suggest a better way to do this?
 
I recommend demo PLCs you can use in a "lab" style setting. That would be a better proof of concept that the PLCs work and better focus if it's a network issue or something else.
 
Each of the RSLogix/Studio flavors has its own emulator. RSLogix 5 uses Emulate 5, RSLogix 500 uses Emulate 500, and RSLogix 5000/Studio 5000 uses Emulate 5000. Emulate 5/500 are very simple to use, but are the most limited. Last time I checked, you can't make online edits; however, making changes offline and then running again doesn't take very long. I use Emulate 5000 all of the time and for the majority of what I need to test it's good. Just like the programming software, you will need the correct version of Emulate to match the major rev of the processor you are testing. For Emulate 5000 there are some missing holes, meaning Rockwell didn't release an Emulate version for each processor version. I think the latest Emulate is 28, I haven't checked in a while.
 
PC-based emulators and "soft logic" controllers rely on the Windows IP stacks and protocol implementations, while true hardware controllers have a totally different operating system and implementation.

Most vulnerabilities are found at the OS level, not at the application level.

So if you're doing penetration testing or vulnerability testing, it's almost meaningless to do it on an emulator.

Look at any of the published vulnerabilities from ICS-CERT that relate to PLCs from any vendor. I'm not aware of any of them that apply to both the embedded hardware and the PC-based models, except for controllers that are fundamentally Windows-based themselves.
 
+1 to everything Ken Roach just said.

RS Emulate MIGHT help you look at the download protocol, but there is no guarantee it is the same as a real PLC. It won't let you look at IO communication, or anything else. A soft PLC might give you a little bit more visibility, but there is no replacement for testing a vulnerability on the actual HW you want to study.
 
Thanks for the reply guys.
So, if the only efficient way is to get real hardware, then it might not be possible for us to afford it. Is there a way around this?
Just like Ken Roach posted, I'll have a chance to go thru' the vulnerability reports that are available, but we would like to see something happening on our own (so that we can have some publishable results!).
Kindly give your suggestions, thanks in advance.
 
Check with our local Rockwell distributor, they may loan you a processor. Your local people have several demo units they loan out for such things.
 