PLC, a digital computer can be one of the capable target for the threat actors for cyberattacking, as they can be exploited to start damaging and to make changes to the systems they control.
In a cyberattack called ‘Evil PLC Attack’, the hacker at first settles the PLC that exposes and makes it unprotected. The threat actor then tricks an engineer into connecting to the PLC from the workstation. Mostly, this can be made by causing a defect on the PLC.
However, the cybersecurity researchers also said that these PLCs can be used as an entry point into an organization, being influenced to target the engineering workstations that are connected to them.
Several vulnerabilities have been discovered in the engineering workstation software from ABB (B&R Automation Studio), Emerson (PAC Machine Edition) and others. Around a dozen of CVE identifiers have been given to the vulnerabilities. Mostly, these vulnerabilities remains because of the software’s fully trusted data, coming from the PLC, performs without any security checks.
