Georgia Institute of Technology Warns Automation Community about Underestimated Risks of Externally Accessible Programmable Logic Controllers
In 2012, WAGO established a Product Security Incident Response Team (PSIRT) to manage potential vulnerabilities. We are certified according to IEC 62443-4-1 and support our customers in operating their WAGO products safely and in protecting existing processes in the context of industrial automation in the best possible way. Hackers’ searches for potential angles of attack are becoming more and more targeted and even include access via Internet. An additional risk comes from search engines like shodan.io and censys.io, which can find unsecured controllers with connections to the Internet, such as WAGO PFCs. That makes it all the more important for our customers to protect their controllers and configure them securely for their specific environments.
A study by the Georgia Institute of Technology has illustrated the relevance of this topic once again. The researchers found that significantly more programmable logic controllers (PLCs) are susceptible to remote attacks than was previously assumed. “Uncovering publicly accessible PLC devices is a crucial step toward securing critical infrastructure,” said Ryan Pickren, lead researcher for the study. “Attackers are actively using the public Internet to attack vulnerable PLCs, so operators need to know which devices are at risk,” explained Pickren. The study demonstrates the limitations of conventional ICS security research methods, which often rely on simple queries from services such as Shodan and Censys to identify at-risk PLCs. The “best-effort” queries used in previous studies tend to search only for simple static keywords that are disclosed by certain protocols. But this often fails to capture the dynamic nature of modern multi-protocol PLC devices, including those from WAGO.