Complex industrial equipment attack
MFE190-04UP-03A0-2
The core assets of manufacturers differ from those of other industries: in addition to common equipment such as PLCs and HMIs, there are CNC machine tools, industrial robots, optical measurement systems and similar assets unique to manufacturing. These assets usually have a complex system composition, many technical details, and proprietary programming environments. An industrial robot, for example, consists of a control system, a drive system, executive joints, and so on. It carries out manufacturing tasks according to task programs, which the control system decomposes into multiple execution steps (for example, "move right", "clamp open", "move down", "pick up") to complete the corresponding production process for the product. Each machine vendor has its own specialized language for programming tasks, such as ABB's RAPID, Comau's PDL2, Fanuc's Karel, Kawasaki's AS, KUKA Robot Language (KRL), Mitsubishi's MELFA BASIC, and Yaskawa's INFORM. These industrial robot programming languages (IRPLs) are proprietary, and each has a unique set of features.
IRPLs are very powerful: they allow programmers to write automation programs, but also to read and write data from the network or from files, access process memory, execute code downloaded dynamically from the network, and more. Such powerful features can be very dangerous when used improperly and without security awareness. For example, a worm can be written in an IRPL to spread itself among the robots on a network. After infecting a new robot, the worm scans the network for other potential targets and uses the network to spread to them. The worm can also include a file-collection function to obtain sensitive data and files from infected robots. The following is an example of the worm malware's network scan:
In addition, industrial robots have many vulnerabilities. A directory traversal vulnerability, for example, lets an attacker steal the log file that records the movements of a target robot; that file contains sensitive information such as intellectual property (for instance, how the product is built). The attacker can then reach files in other directories (including files holding authentication secrets) and use them to finally gain access to the control system. The following diagram shows a connection that accesses a confidential file without verification.
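As an added illustration of the directory traversal flaw just described (this is example code written for this page, not a real controller's implementation), the naive path join is shown beside a hardened resolver, and the same check is then run over a few constructed access-log lines to flag traversal attempts. The export directory, the "/logs/" URL prefix and the log layout are all assumptions.

```python
import os
from typing import List, Optional
from urllib.parse import unquote

# Constructed for this example: the directory from which a hypothetical robot
# controller's file service serves motion logs. Not a real vendor path.
EXPORT_ROOT = "/export/robot_logs"

def resolve_unsafe(requested: str) -> str:
    """The 'before' of the fix: a request such as '../../etc/secrets'
    walks out of EXPORT_ROOT, which is the traversal flaw in the text."""
    return os.path.join(EXPORT_ROOT, requested)

def resolve_safe(requested: str) -> Optional[str]:
    """Hardened resolver: normalize the joined path and confirm it is still
    inside EXPORT_ROOT. Returns None for anything that escapes.
    Caveat: this is a lexical check only; a symlink inside EXPORT_ROOT that
    points outside it needs a separate realpath check on the live filesystem."""
    # Absolute paths, backslash separators and NUL bytes are rejected outright.
    if os.path.isabs(requested) or "\\" in requested or "\0" in requested:
        return None
    root = os.path.normpath(EXPORT_ROOT)
    candidate = os.path.normpath(os.path.join(root, requested))
    # Accept only the root itself or a path strictly below it.
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate

# Constructed access-log lines in a minimal "client path status" layout,
# standing in for whatever the controller's service actually records.
SAMPLE_LOG = """\
10.0.5.21 /logs/motion_2023-05-01.log 200
10.0.5.21 /logs/../../etc/passwd 200
10.0.5.21 /logs/..%2f..%2fconfig/auth.cfg 200
10.0.5.22 /logs/motion_2023-05-02.log 200
"""

def traversal_requests(log_text: str) -> List[str]:
    """Return the raw request paths under /logs/ that would escape EXPORT_ROOT.
    Percent-encoded separators are decoded first so '..%2f' is not missed."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[1].startswith("/logs/"):
            continue
        relative = unquote(parts[1])[len("/logs/"):]
        if resolve_safe(relative) is None:
            hits.append(parts[1])
    return hits
```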
The above uses the industrial robot system only to illustrate the possibility of attacks on complex industrial equipment in manufacturing. Other key equipment, such as CNC machine tool systems and laser measurement systems, may likewise contain vulnerabilities or have their normal functions maliciously abused, because of their powerful and complex functionality.