SPRACO8 October 2019 AM3351, AM3352, AM3354, AM3356, AM3357, AM3358, AM3358-EP, AM3359, AM4372, AM4376, AM4377, AM4378, AM4379, AM5746, AM5748, AM5749, AM6546, AM6548
Given the critical role that PLCs play in digital factories, Table 1 lists the potential attacks that can leave factories vulnerable. The threat scores in the third column were calculated with the first.org Common Vulnerability Scoring System Version 3.0 Calculator [2]. The higher the score, the greater the security risk and the greater the need to take proactive steps to enable countermeasures.
Threat | Threat Description | Threat Score | CVSS |
---|---|---|---|
Denial-of-service attacks | Bringing the system or PLC network down through malicious attacks; for example, overloading the data stream to overload the memory | 8.6 | CVSS Calculation – 8.6 |
Spoofing | Intercepting communication to the host from the PLC and modifying it maliciously | 8.5 | CVSS Calculation – 8.5 |
Man-in-the-middle attacks | A rogue PLC or remote input/output (I/O) intercepts and modifies messages from a valid source, and forwards attack messages to a targeted PLC in an attempt to take down the PLC or have it respond in an unintended way, such as shutting down a section of a factory | 8.5 | CVSS Calculation – 8.5 |
Rogue PLC joining network | A rogue PLC impersonating a legitimate PLC joins a factory network to create attack scenarios | 8.5 | CVSS Calculation – 8.5 |
PLC takeover | Changing the PLC program or boot image to alter intended operations and create attack scenarios or denial-of-service attacks | 7.4 | CVSS Calculation – 7.4 |
Remote device management service exploits | Using remote device management services such as web managers, Telnet or Secure Shell running over a PLC for debugging or status reporting to gain control of a PLC or change its configuration | 7.4 | CVSS Calculation – 7.4 |