Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 or S7

From: Patrick Coomans (Patrick.Coomansat_private)
Date: Tue Sep 25 2001 - 11:14:12 PDT

Next message: Security News: "Opinions on ClicktoSecure's Hailstorm Product"

Previous message: Ockens Thomas: "RE: Web Application Testers."
Next in thread: Nasir Farhat Khan: "Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7"
Reply: Nasir Farhat Khan: "Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have a project for which I will have to pen-test Siemens PLC's that drive production processes and do data aquisition.
 
Is there anyone who has literature on this or done this before?
 
The PLC's use TCP/IP so that will be the first thing I will go for, but most of the PLC's are simply connected to a propriary bus system (e.g. Interbus) which in turn is connected to a PC.  So attacking the "Data Aquisition and Visualisation PC" as a backdoor to the PLC would be my second option.
 
Thanks,
Patrick
 


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Security News: "Opinions on ClicktoSecure's Hailstorm Product"
Previous message: Ockens Thomas: "RE: Web Application Testers."
Next in thread: Nasir Farhat Khan: "Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7"
Reply: Nasir Farhat Khan: "Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 18:30:19 PDT