Hans Hoefken

FH Aachen, University of Applied Sciences (Germany)

A secure and reliable critical infrastructure is a concern of industry and governments. SCADA systems are a subgroup of industrial control systems (ICS) and are known to be well interconnected with other networks. It is not uncommon to use public networks for transport, and a rising number of ICS incidents shows the danger of excessive cross-linking.

Beckhoff Automation GmbH is a German automation manufacturer that has not had bad press so far. The Beckhoff CX5020 is a typical PLC used in today's SCADA systems. It is cross-linked through Industrial Ethernet (EtherCAT) and runs a customized Windows CE 6.0; the CX5020 is therefore a good representative of the modern PLCs that have emerged within the last years, which use de facto standard operating systems and open standard communication protocols. This paper presents vulnerabilities of Beckhoff's CX5020 PLC and shows ways to obtain the rights to control both the PLC program and the operating system itself. Exploiting these vulnerabilities does not require in-depth knowledge of penetration testing. They demonstrate that switching to standard platforms brings hidden features, and that encapsulating SCADA protocols in TCP/IP might not always be a good idea, underlining that securing ICS systems is still a challenging topic.

Speaker Bio

  • Presenter: Dipl.-Ing. Hans Hoefken
  • Studied Electrical Engineering in Aachen
  • 3 years programmer of software for automatic control systems
  • 15 years Head of the Computing Center, FH Aachen
  • Ethical Hacker
  • IT Forensic Investigator
  • ISO 27001 Lead Auditor

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved