To provide an economical way to deliver functional control in the gap between the PLC and the DCS, Schneider offers industrial process automation controllers, the Modicon PACs (M580, M340, MC80, etc.). Modicon PACs feature redundancy functionality, native Ethernet, and embedded cybersecurity. But are these industrial brains, widely used in power, water, and critical infrastructure, really secure?
In this presentation, we will focus on Schneider Modicon PAC controllers and examine them along two dimensions: the private communication protocol and the password protection mechanism for the CPU (application and firmware). We will cover:
In addition, we will also demo a novel attack that bypasses the Modicon PAC security protection mechanism to insert a malicious ransomware application, proving the impact of Modicon PAC flaws should they be exploited. We conclude with defensive strategies and recommendations for this type of attack.