CPU Protection, Part II

In addition to my last post where I talked about CPU protection (click here to access), today I will write about how we can detect if protection is enabled on a S7-300. If not, we could connect to the PLC (CPU or communications module), upload the program, and modify it. After this, download it again.

Other actions that could be accomplished are establishing new passwords on FCs, FBs, etc. When a legitimate user would want to access to read or write them, he/she could not do it because would not know the configured password.

S7Scan tool can help us to get this information, CPU Protection. We have to take a look at “Module Protection” section. There, we can see if this is set up. In the figure below, it is not.

Well, what can we do? As I said we could be online and inspect the program, its configuration and upload it.

On the other hand, if “Module Protection” is configured as on the picture below, we will not be able to do it.

A password will be requested in two ways. Firstly, if we want to access to a Block or Function after we are online.

And secondly, if we want to upload the program. See the area where indicates “<introducir contraseña> that means <introduce your password>

This is an example on how these features can help us introducing new controls. Are they all effective as we expect? Well this is another question… During this work I found there is a limitation of eight characters long.

Apart from this, we know that passwords can be cracked by specific software or stored in plain text. Configure a password it is not a silver bullet to protect access. We have to implement other security measures and try to stop an intrusion, deliberate action or similar, before it reaches the objective.

We can not trust the security device by its own features because they could not be as robust as they should be. Industrial components, devices or systems have been designed to be robust, simple, reliable, safe, etc. not secure. Security is relatively new, since attacks have been carried out or vulnerabilities have been discovered and published.

Thanks again, I will see you in the next!

Having said this, I hope you have enjoined this post!

To be continued…

Stay tuned!

1 comentario en “CPU Protection, Part II

  1. Pingback: Enredando con redes ...Tools: PssEnredando con redes …

Los comentarios están cerrados.