Author(s)

Yong Wang¹, Jinyong Liu¹, Can Yang¹, Lin Zhou¹, Shuangfei Li¹, Zhaoyan Xu²

¹Department of Information Security, Shanghai University of Electric Power, Shanghai, China.
²Palo Alto Networks, California, CA, USA.

In Industrial Control Systems (ICS), security issues are getting more and more attention. The number of hacking attacks per year is endless, and the attacks on industrial control systems are numerous. Programmable Logic Controller (PLC) is one of the main controllers of industrial processes. Since the industrial control system network is isolated from the external network, many people think that PLC is a safety device. However, virus attacks in recent years, such as Stuxnet, have confirmed the erroneousness of this idea. In this paper, we use the vulnerability of Siemens PLC to carry out a series of attacks, such as S7-200, S7-300, S7-400, S7-1200 and so on. We read the data from the PLC output and then rewrite the data and write it to the PLC. We tamper with the writing of data to achieve communication chaos. When we attack the primary station, all slave devices connected to the primary station will be in a state of communication confusion. The attack methods of us can cause delay or even loss of data in the communications from the Phasor Data Concentrator (PMU) to the data concentrator. The most important thing is that our attack method generates small traffic and short attack time, which is difficult to be identified by traditional detection methods.

ICS, PLC, PMU, Data Tampering, Delay, Attack Methods

Wang, Y. , Liu, J. , Yang, C. , Zhou, L. , Li, S. and Xu, Z. (2018) Access Control Attacks on PLC Vulnerabilities. Journal of Computer and Communications, 6, 311-325. doi: 10.4236/jcc.2018.611028.