Revision as of 18:10, 14 August 2024 edit Abcasada (talk \| contribs) Extended confirmed users 825 edits m →Security: Grammar Tag: Visual edit ← Previous edit		Revision as of 18:11, 14 August 2024 edit undo Abcasada (talk \| contribs) Extended confirmed users 825 edits →Security: Grammar Tag: Visual edit Next edit →
Line 127: Prior to the discovery of the [[Stuxnet]] [[computer worm]] in June 2010, the security of PLCs received little attention. Modern programmable controllers generally contain real-time operating systems, which can be vulnerable to exploits in a similar way as desktop operating systems, like [[Microsoft Windows]]. PLCs can also be attacked by gaining control of a computer they communicate with.<ref name=":5">{{cite web \|url=http://www.tofinosecurity.com/blog/plc-security-risk-controller-operating-systems \|title=PLC Security Risk: Controller Operating Systems - Tofino Industrial Security Solution \|website=TofinoSecurity.com \|date=May 2011 \|author=Byres}}</ref> {{As of\|2011\|since=y\|post=,}} these concerns have grown – networking is becoming more commonplace in the PLC environment, connecting the previously separated plant floor networks and office networks.<ref>{{Harvnb\|Bolton\|2015\|p=15}}</ref> In February 2021, [[Rockwell Automation]] publicly disclosed a critical vulnerability affecting its Logix controllers family. The [[Key (cryptography)\|~~Secret~~secret cryptographic key]] used to [[Symmetric-key algorithm\|verify communication]] between the PLC and workstation ~~can~~could be extracted from the programming software (Studio 5000 Logix Designer ~~programming software~~) and used to remotely change program code and configuration of a connected controller. The vulnerability was given a severity score of 10 out of 10 on the [[Common Vulnerability Scoring System\|CVSS vulnerability scale]]. At the time of writing, the mitigation of the vulnerability was to [[Defense in depth (computing)\|limit network access to affected devices]].<ref>{{Cite web\|last=Goodin\|first=Dan\|date=2021-02-26\|title=Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10\|url=https://arstechnica.com/information-technology/2021/02/hard-coded-key-vulnerability-in-logix-plcs-has-severity-score-of-10-out-of-10/\|access-date=2021-03-07\|website=Ars Technica }}</ref><ref>{{Cite web \|last=Li \|first=Tom \|date=2021-03-01 \|title=Max level vulnerability found in Logix PLCs {{!}} IT World Canada News \|url=https://www.itworldcanada.com/article/max-level-vulnerability-found-in-logix-plcs/443152,%20https://www.itworldcanada.com/article/max-level-vulnerability-found-in-logix-plcs/443152 \|access-date=2021-03-07 \|website=ITWorldCanada.com }}</ref> == Safety PLCs ==

Programmable logic controller: Difference between revisions