Siemens SIMATIC PLCs are widely used worldwide and account for a high share of the market. These PLCs are used in control scenarios for critical information infrastructure in industries such as energy, water, power, and oil and gas. To protect users' logic programs and to prevent unauthorized operation, Siemens designed PLC protection mechanisms, but can they really protect a PLC from attacks or from theft of intellectual property (algorithms, engineering designs)?
In this presentation we focus on SIMATIC PLCs and describe in detail how the password protection mechanisms of various PLCs (such as the S7-200 SMART, S7-300/400, and S7-1200/S7-1500) can be defeated through physical-access and network-accessible methods to obtain the logic program and key parameter values stored inside the PLCs.
Based on this research, we present security recommendations at the protocol level and the user-application level to improve the security of SIMATIC PLCs and better protect them.