In addition to my last post, where I talked about CPU protection (click here to access), today I will write about how we can detect whether protection is enabled on an S7-300. If it is not, we could connect to the PLC (CPU or communications module), upload the program, modify it, and then download it again.
Other actions that could be accomplished include setting new passwords on FCs, FBs, etc. When a legitimate user then wants to read or write them, he or she cannot, because the configured password is unknown to them.
The S7Scan tool can help us get this information about CPU protection. We have to look at the “Module Protection” section, where we can see whether it is set up. In the figure below, it is not.
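For auditing your own PLC inventory, the same check can be scripted. The following is an added example, not code from the original post or from S7Scan: it assumes the protection data is available as an S7 system status list (SZL) record with ID 0x0232, index 0x0004, laid out as big-endian words; the PLC names and sample bytes are constructed.

```python
import struct

# Assumed record layout (big-endian 16-bit words); sample bytes are constructed:
# index, sch_schal, sch_par, sch_rel, bart_sch, anl_sch, then reserved bytes.
FIELDS = ("index", "sch_schal", "sch_par", "sch_rel", "bart_sch", "anl_sch")
LEVELS = {1: "none", 2: "write-protected", 3: "read/write-protected"}
SELECTOR = {1: "RUN", 2: "RUN-P", 3: "STOP", 4: "MRES"}


def parse_protection(record: bytes) -> dict:
    """Decode the first six words of the record into named integer fields."""
    if len(record) < 12:
        raise ValueError("record too short for protection data")
    rec = dict(zip(FIELDS, struct.unpack(">6H", record[:12])))
    if rec["index"] != 0x0004:
        raise ValueError(f"unexpected SZL index 0x{rec['index']:04x}")
    return rec


def audit(name: str, record: bytes) -> dict:
    """Summarise one PLC: is a password set, and which level is in force?"""
    rec = parse_protection(record)
    password_set = rec["sch_par"] != 0   # 0 = no password configured
    level = rec["sch_rel"]               # level the CPU actually enforces
    return {
        "plc": name,
        "password_set": password_set,
        "effective_level": LEVELS.get(level, f"unknown ({level})"),
        "mode_selector": SELECTOR.get(rec["bart_sch"], "undefined"),
        # Flag anything that lets the program be changed without a password.
        "finding": not password_set or level < 2,
    }


def make_record(sch_schal, sch_par, sch_rel, bart_sch, anl_sch=0) -> bytes:
    """Build a constructed 40-byte sample record for offline testing."""
    words = struct.pack(">6H", 4, sch_schal, sch_par, sch_rel, bart_sch, anl_sch)
    return words + bytes(28)


SAMPLES = {  # constructed inventory, not captured from real devices
    "press-line-1": make_record(1, 0, 1, 2),  # no password, selector in RUN-P
    "packaging-2": make_record(1, 3, 3, 1),   # read/write protection, RUN
}

if __name__ == "__main__":
    for plc, raw in SAMPLES.items():
        print(audit(plc, raw))
```

Any entry with `finding` set to true is a CPU whose program can be changed without a password and should be prioritised for hardening.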
A password will be requested in two ways. Firstly, if we want to access a Block or Function after we are online.
This is an example of how these features can help us introduce new controls. Are they all as effective as we expect? Well, this is another question… During this work I found there is a limitation of eight characters in length.
Apart from this, we know that passwords can be cracked by specific software or stored in plain text. Configuring a password is not a silver bullet for protecting access. We have to implement other security measures and try to stop an intrusion, deliberate action or similar before it reaches its objective.
We cannot trust a device's own security features alone, because they may not be as robust as they should be. Industrial components, devices and systems have been designed to be robust, simple, reliable, safe, etc., not secure. Security is a relatively new concern, arising since attacks have been carried out or vulnerabilities have been discovered and published.
Thanks again, I will see you in the next one!
Having said this, I hope you have enjoyed this post!
To be continued…