Claroty has released research detailing a new type of cyber-attack that weaponises programmable logic controllers (PLCs) in order to exploit engineering workstations and further invade OT and enterprise networks.
These days, PLCs in industrial networks are becoming critical attack targets, with more exploits being identified every day. This particular attack targets engineers working on industrial networks, who configure and troubleshoot PLCs across critical industries such as utilities, electricity, water and wastewater, heavy industry, manufacturing, and automotive, among others.
The report breaks down how the Claroty research team successfully hacked a PLC to achieve code execution on the engineer’s machine. Affected vendors include Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO, and Emerson.
You can read the full report here.
