In this presentation, security researcher Bertin Bervis will reveal and demonstrate several web applications vulnerabilities in PLCs, RTUs, weather stations and industrial network communication devices from many well know vendors.
Web vulnerabilities are usually a threat in the web space but now attackers are taking advantage of the same issues present in PLCs and web HMI interfaces connected to the internet, poor security and the lack of technical web defense are the key to success from remote attackers in critical infrastructures nowadays.
Human – machine web interfaces are usually present in some PLC models allowing the attacker take advantage of these vulnerabilities from internet connected devices and industrial sensors in order to gain stealth, persistence and code execution remotely. This presentation will demonstrate vulnerabilities in a real live demonstration .
Outline: