Revision as of 18:05, 14 August 2024 edit Abcasada (talk \| contribs) Extended confirmed users 825 edits →Early methods of programming: Add another type, and links Tag: Visual edit ← Previous edit		Revision as of 18:09, 14 August 2024 edit undo Abcasada (talk \| contribs) Extended confirmed users 825 edits m →Security: Grammar Tag: Visual edit Next edit →
Line 125: In his book from 1998, E. A. Parr pointed out that even though most programmable controllers require physical keys and passwords, the lack of strict access control and version control systems, as well as an easy-to-understand programming language make it likely that unauthorized changes to programs will happen and remain unnoticed.<ref>{{Harvnb\|Parr\|1998\|p=451}}</ref> Prior to the discovery of the [[Stuxnet]] [[computer worm]] in June 2010, the security of PLCs received little attention. Modern programmable controllers generally contain a real-time operating systems, which can be vulnerable to exploits in a similar way as desktop operating systems, like [[Microsoft Windows]]. PLCs can also be attacked by gaining control of a computer they communicate with.<ref name=":5">{{cite web \|url=http://www.tofinosecurity.com/blog/plc-security-risk-controller-operating-systems \|title=PLC Security Risk: Controller Operating Systems - Tofino Industrial Security Solution \|website=TofinoSecurity.com \|date=May 2011 \|author=Byres}}</ref> {{As of\|2011\|since=y\|post=,}} these concerns have grown as networking is becoming more commonplace in the PLC environment connecting the previously separate plant floor networks and office networks.<ref>{{Harvnb\|Bolton\|2015\|p=15}}</ref> In February 2021, [[Rockwell Automation]] publicly disclosed a critical vulnerability affecting its Logix controllers family. [[Key (cryptography)\|Secret cryptographic key]] used to [[Symmetric-key algorithm\|verify communication]] between the PLC and workstation can be extracted from Studio 5000 Logix Designer programming software and used to remotely change program code and configuration of connected controller. The vulnerability was given a severity score of 10 out of 10 on the [[Common Vulnerability Scoring System\|CVSS vulnerability scale]]. At the time of writing, the mitigation of the vulnerability was to [[Defense in depth (computing)\|limit network access to affected devices]].<ref>{{Cite web\|last=Goodin\|first=Dan\|date=2021-02-26\|title=Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10\|url=https://arstechnica.com/information-technology/2021/02/hard-coded-key-vulnerability-in-logix-plcs-has-severity-score-of-10-out-of-10/\|access-date=2021-03-07\|website=Ars Technica }}</ref><ref>{{Cite web \|last=Li \|first=Tom \|date=2021-03-01 \|title=Max level vulnerability found in Logix PLCs {{!}} IT World Canada News \|url=https://www.itworldcanada.com/article/max-level-vulnerability-found-in-logix-plcs/443152,%20https://www.itworldcanada.com/article/max-level-vulnerability-found-in-logix-plcs/443152 \|access-date=2021-03-07 \|website=ITWorldCanada.com }}</ref>

Programmable logic controller: Difference between revisions