PLC Virus

TimothyMoulder said:
Now, I hold up AB for one other reason - I think they are aware of this. Every release of FactoryTalk has gone overboard pushing its integrated security, so they must be conscious they are themselves creating this widespread risk.
I think Factory Talk security protects from unauthorized program modifications and blocks access from some workstations. It does nothing to protect against viruses.
 
I think the definition of virus is 'self-spreading piece of software' ... every machine equipped with a CPU and communication (mobile or PLC) can be attacked by DoS via some kind of exploit (even with deadly results), but can you imagine writing code in STEP7 using LAD that will copy itself into an MMC card via Profibus-DP into an S7-317 in the next room? That's luckily very improbable ...
 
I think Factory Talk security protects from unauthorized program modifications and blocks access from some workstations. It does nothing to protect against viruses.

How else are you going to protect against a virus until it exists?
 
If it was a disgruntled employee, they would be more likely to just ruin the PLC program, or plant a bit of code that would execute after they'd left etc etc.

A disgruntled employee can do a lot better than that. Imagine a large manufacturing Company with many plants.
Each plant with many PLCs. You could put a piece of badly behaved code in a few PLCs scattered across many plants.
This code would send disruptive messages to PLCs in other plants. It would do that based on time and a randomly generated time offset, in other words it would appear to be random.
Also it would not target the same PLC all the time.

It would modify a data table in a target PLC for a short amount of time and then restore it back. Meanwhile there would be hiccups in production. You could design a scheme where this scenario would get triggered many years after the employee left the Company. Replacing the ladder code would not help since

a. You would not know which PLC to look at
and
b. The piece of code that would cause all this would have been part of the backed-up code as well.

The only thing you could do to deal with this type of scenario would be to examine all ladder code in all PLCs throughout the Corporation. That of course would require a huge effort.
 
I worked at a place where an employee who was leaving wrote a time triggered piece of malware intended to activate a bogus alarm at 2:00am a couple of months later to have the operators page me. He thought it would be a funny practical joke. He put it in several controllers, all triggered to go on different dates. The only problem is he didn't test his code and it faulted the processor.

So I did get paged and actually had to come in and remove the malware.

Management was not happy when they inquired about the cause of the problem. I spent the day searching for similar code in all of our controllers and found it in some of the other controllers. A couple of days later I was grilled by a company lawyer. I don't know why they didn't eventually file a suit against the ex-employee, but it was considered. Something to consider for anyone who is tempted to pull a similar stunt.
 
Contr_Conn said:
I think Factory Talk security protects from unauthorized program modifications and blocks access from some workstations. It does nothing to protect against viruses.

FactoryTalk is not my favorite thing in the world. But, I could do a lot of damage with or without it.

With an OPC server and an Excel spreadsheet, I know that I could make a big mess. The descriptive tag names in CLX make it easier to decide which elements I might want to target if I wanted to cause harm.

It's actually kind of scary that PLCs respond to data requests from any device that asks. Perhaps there should be some user authentication in PLC processors.
 
Honestly, the threat of a virus on a PLC is currently zero. Sabotage, perhaps.

But even the threat isn't the issue. If you have your PLCs and other control devices sitting on a public network, well, you deserve anything you get. It isn't that hard to configure a router, if you absolutely positively MUST publish information.

Or to use a multi-homed PC as a gateway.
 
My two cents...

1) I agree that implementing a virus on a PLC isn't easy for most.
2) A virus is for sabotage.
3) A disgruntled employee will take the path of least resistance when committing sabotage.

Therefore, a disgruntled employee will do something easy to commit and easy to hide. You can imagine what...cut wire, loosening wire, damage stock inventory of spare parts, etc.
 
This seems like it would be a pretty special case virus.

There aren't that many PLCs just hanging out on the internet. Most are hidden behind a company firewall, so they'd have to be specifically targeted by someone with intricate knowledge. Plus the virus writer would need access to PLCs beforehand and there are so many different types.

So I doubt this would be a prolific virus knocking out plants left and right.
 
I don't think that they're talking about a virus in the link I gave ... I think that the point was that Internet connections might make it possible for a PLC-knowledgeable hacker to find an unprotected PLC - and then to just mess things up ...
 
Bear in mind that this is a Windows exploit that was being used on a system using Siemens software. It really would be unfair to label this a Siemens problem.

This exploit dates back to Windows 2000 and possibly Windows NT.

OG
 
Okay, I have to ask.......anyone heard of any virus, worm, malware of any sort that propagates over a control network (primarily Ethernet) and targets PLC processors/memory? With the exponential progression of Ethernet into control systems, I have to ask. I have not heard of any.

The following link is from the Wall Street Journal, titled: "Virus Attacks Siemens Plant-Control Systems":

http://online.wsj.com/article/NA_WSJ_PUB:SB10001424052748703954804575381372165249074.html

If you are unable to read the entire article, search for the quoted title.

-mdl
 
