Security of Programmable Logic Controllers and Related Systems: Today and Tomorrow
Authors: Wael Alsabbagh and Peter Langendörfer
Abstract:
Programmable Logic Controllers (PLCs) are essential for automating and controlling industrial processes within Industrial Control Systems (ICSs) and critical infrastructures. However, connecting PLCs to external networks, such as the Internet, introduces significant cybersecurity challenges and exposes these systems to malicious attacks. This article reviews current research on PLC security, addressing the limitations of prior studies that often overlooked specific PLC vulnerabilities and focused mainly on system-level threats. We classify and analyze PLC-related systems based on disclosed vulnerabilities, potential threats, and proposed security solutions, using data from the Common Vulnerabilities and Exposures (CVE) database and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
Our findings indicate a significant rise in both the number and complexity of reported PLC vulnerabilities and advisories, highlighting the evolving nature of cyber threats. Common issues include stack-based overflows, improper input validation, and inadequate access control, along with PLC-specific vulnerabilities in program verification, firmware, and memory. Adversaries exploit these weaknesses to conduct sophisticated attacks, such as command injection, control logic injection, firmware modification, and memory corruption. We emphasize the need for robust security measures tailored to both system-level and PLC-specific requirements, especially for ICSs that require real-time responses and high availability. We discuss the challenges faced by engineers and researchers in implementing effective security solutions, including code verification, firmware investigation, traffic monitoring, and suspicious state checking. Additionally, we explore how digital forensic techniques can enhance PLC security by detecting and mitigating attacks early.
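The classification the abstract describes (binning disclosed advisories by weakness class and by whether the flaw is a generic system-level issue or a PLC-specific one, then looking at the trend over time) can be illustrated with a small script. This is an added example, not code from the paper or its authors: the advisory records are constructed with placeholder CVE ids, the CWE-to-label table covers only the three weakness classes the abstract names, and the keyword taxonomy for "PLC-specific" is an assumption chosen to match the abstract's wording.

```python
"""Classify constructed PLC advisory records by weakness class and scope,
then summarise per year. All records here are constructed samples with
placeholder ids, not real CVE entries."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Weakness classes named in the abstract, keyed by (real) CWE ids.
COMMON_WEAKNESSES = {
    "CWE-121": "stack-based overflow",
    "CWE-20": "improper input validation",
    "CWE-284": "inadequate access control",
}

# Assumed taxonomy: a description mentioning one of these surfaces is
# treated as PLC-specific (order matters: first match wins).
PLC_SPECIFIC_KEYWORDS = {
    "firmware": "firmware",
    "control logic": "program verification",
    "memory": "memory",
}


@dataclass(frozen=True)
class Advisory:
    cve_id: str        # placeholder id, constructed
    year: int
    cwe: str
    description: str


def classify(adv):
    """Return (weakness label, scope) for one advisory.

    scope is 'plc-specific:<surface>' when the description names a
    PLC-specific surface, otherwise 'system-level'.
    """
    weakness = COMMON_WEAKNESSES.get(adv.cwe, "other")
    text = adv.description.lower()
    for keyword, label in PLC_SPECIFIC_KEYWORDS.items():
        if keyword in text:
            return (weakness, "plc-specific:" + label)
    return (weakness, "system-level")


def count_by_year(records):
    """Map year -> Counter of scopes, the per-year breakdown of the review."""
    counts = defaultdict(Counter)
    for adv in records:
        _, scope = classify(adv)
        counts[adv.year][scope] += 1
    return dict(counts)


def yearly_totals(records):
    """Sorted list of (year, number of advisories)."""
    return sorted(Counter(adv.year for adv in records).items())


def is_rising(records):
    """True when the yearly advisory count never decreases across the sample."""
    totals = [n for _, n in yearly_totals(records)]
    return len(totals) > 1 and all(a <= b for a, b in zip(totals, totals[1:]))


# Constructed sample advisories (placeholder ids; wording is illustrative).
SAMPLE_ADVISORIES = [
    Advisory("CVE-0000-0001", 2018, "CWE-121",
             "Stack-based buffer overflow in the web server of a PLC."),
    Advisory("CVE-0000-0002", 2019, "CWE-20",
             "Improper input validation in the engineering protocol handler "
             "causes a denial of service."),
    Advisory("CVE-0000-0003", 2019, "CWE-284",
             "Missing access control allows unauthenticated control logic "
             "download to the PLC."),
    Advisory("CVE-0000-0004", 2020, "CWE-494",
             "Firmware update accepted without integrity check."),
    Advisory("CVE-0000-0005", 2020, "CWE-121",
             "Stack-based buffer overflow when parsing oversized requests."),
    Advisory("CVE-0000-0006", 2020, "CWE-284",
             "Read and write of PLC memory blocks without authentication."),
]

if __name__ == "__main__":
    for year, scopes in sorted(count_by_year(SAMPLE_ADVISORIES).items()):
        print(year, dict(scopes))
    print("rising trend:", is_rising(SAMPLE_ADVISORIES))
```

On the constructed sample the per-year totals are 1, 2 and 3, so the trend check reports a rise; with real CVE/ICS-CERT exports the same two functions would be fed parsed records instead of the inline list, and the keyword taxonomy would need to be refined against the actual advisory wording.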
In conclusion, we offer targeted recommendations for PLC manufacturers, researchers, and engineers to improve the security of future PLC designs and operational systems. Our review aims to bridge existing research gaps and contribute to the development of more secure PLCs, thereby protecting critical infrastructures and industrial control systems from escalating cyber threats.