IEEE Access (Jan 2024)

Investigating the Security of OpenPLC: Vulnerabilities, Attacks, and Mitigation Solutions

  • Wael Alsabbagh,
  • Chaerin Kim,
  • Peter Langendorfer

DOI
https://doi.org/10.1109/ACCESS.2024.3356051
Journal volume & issue
Vol. 12
pp. 11561 – 11583

Abstract

Open-source Programmable Logic Controller (OpenPLC) software is designed to be vendor-neutral and to run on almost any computer or low-cost embedded device, e.g., Raspberry Pi, Arduino, and other controllers. The aim of the project is to offer an affordable and practical alternative to the high cost of real hardware PLCs, and it has gained substantial interest within both the research and industrial communities. As its popularity grows, understanding its security vulnerabilities and implementing effective mitigation strategies become crucial. Through a combination of threat modeling, vulnerability analysis, and practical experiments, this article provides valuable insights for developers, researchers, and engineers aiming to deploy OpenPLC securely in industrial environments. To this end, we first conducted an in-depth analysis aimed at shedding light on various security challenges and vulnerabilities within the OpenPLC project. These encompass issues such as unauthorized access, vulnerabilities in communication protocols, concerns regarding data integrity, the absence of robust encryption mechanisms, etc. After that, we showed the research community what the consequences of those vulnerabilities would be if they were exploited. To this end, we performed a sophisticated control logic injection attack that maliciously modifies the user program run on the OpenPLC Runtime. Our injection was stealthy and not detected by the legitimate user. Finally, we introduced a security-enhanced OpenPLC software called OpenPLC Aqua. Our developed software is equipped with a set of security solutions designed specifically to address the vulnerabilities to which current OpenPLC versions are prone. All our attack codes as well as the OpenPLC Aqua software are publicly available.

Keywords