By Uriel Malin, Sara Bitan, Avishai Wool and Eli Biham

The Siemens industrial control systems architecture consists of Simatic S7 PLCs which communicate with a TIA engineering station and SCADA HMI on one side, and control industrial systems on the other side. The newer versions of the architecture are claimed to be secure against sophisticated attackers, since they use advanced cryptographic primitives and protocols. In this paper we show that even the latest versions of the devices and protocols are still vulnerable.

Full Abstract & Presentation Materials: https://www.blackhat.com/us-19/briefi...