Programmable logic controller
==Security==
In his book from 1998, E. A. Parr pointed out that even though most programmable controllers require physical keys and passwords, the lack of strict access control and version control systems, as well as an easy-to-understand programming language, make it likely that unauthorized changes to programs will happen and remain unnoticed.<ref>{{Harvnb|Parr|1998|p=451}}</ref>

Prior to the discovery of the [[Stuxnet]] [[computer worm]] in June 2010, the security of PLCs received little attention. Modern programmable controllers generally contain real-time operating systems, which can be vulnerable to exploits in a similar way to desktop operating systems, like [[Microsoft Windows]]. PLCs can also be attacked by gaining control of a computer they communicate with.<ref name=":5">{{cite web |url=http://www.tofinosecurity.com/blog/plc-security-risk-controller-operating-systems |title=PLC Security Risk: Controller Operating Systems - Tofino Industrial Security Solution |website=TofinoSecurity.com |date=May 2011 |author=Byres}}</ref> {{As of|2011|since=y|post=,}} these concerns have grown – networking is becoming more commonplace in the PLC environment, connecting the previously separated plant floor networks and office networks.<ref>{{Harvnb|Bolton|2015|p=15}}</ref>

In February 2021, [[Rockwell Automation]] publicly disclosed a critical vulnerability affecting its Logix controller family. The [[Key (cryptography)|secret cryptographic key]] used to [[Symmetric-key algorithm|verify communication]] between the PLC and workstation could be extracted from the programming software (Studio 5000 Logix Designer) and used to remotely change program code and configuration of a connected controller. The vulnerability was given a severity score of 10 out of 10 on the [[Common Vulnerability Scoring System|CVSS vulnerability scale]]. At the time of writing, the mitigation for the vulnerability was to [[Defense in depth (computing)|limit network access to affected devices]].<ref>{{Cite web|last=Goodin|first=Dan|date=2021-02-26|title=Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10|url=https://arstechnica.com/information-technology/2021/02/hard-coded-key-vulnerability-in-logix-plcs-has-severity-score-of-10-out-of-10/|access-date=2021-03-07|website=Ars Technica }}</ref><ref>{{Cite web |last=Li |first=Tom |date=2021-03-01 |title=Max level vulnerability found in Logix PLCs {{!}} IT World Canada News |url=https://www.itworldcanada.com/article/max-level-vulnerability-found-in-logix-plcs/443152 |access-date=2021-03-07 |website=ITWorldCanada.com }}</ref>
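
The design weakness behind a hard-coded verification key can be shown with a simplified model. The following is an added example, not part of the original article and not Rockwell's protocol or code: it assumes a toy controller that accepts a program download only when an HMAC-SHA256 tag verifies, and the key value, class and function names are all hypothetical. It contrasts one key shared by every installation with a key provisioned per controller.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a key compiled into every copy of the engineering
# software and every controller (hypothetical value, not a real product key).
SHARED_KEY = b"constructed-demo-key-same-in-every-install"


def tag(key: bytes, message: bytes) -> bytes:
    """Authenticate a message with HMAC-SHA256 under the given key."""
    return hmac.new(key, message, hashlib.sha256).digest()


class Controller:
    """Toy controller that accepts a download only if its MAC verifies."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self._key = key
        self.program = b"original logic"

    def download(self, program: bytes, mac: bytes) -> bool:
        if not hmac.compare_digest(tag(self._key, program), mac):
            return False  # reject: sender does not hold this controller's key
        self.program = program
        return True


def fleet_shared(names):
    """Weak design: one key, identical in every controller."""
    return [Controller(n, SHARED_KEY) for n in names]


def fleet_per_device(names):
    """Hardened design: a random key provisioned per controller."""
    keys = {n: secrets.token_bytes(32) for n in names}
    return [Controller(n, keys[n]) for n in names], keys


def accepted_by(fleet, program: bytes, key: bytes):
    """Names of controllers that accept `program` authenticated with `key`."""
    mac = tag(key, program)
    return [c.name for c in fleet if c.download(program, mac)]
```

In the shared-key fleet, knowledge of the single key is enough for a changed program to verify on every controller, which is why limiting network access was the available mitigation; with per-device keys, one disclosed key affects only the controller it belongs to.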