Attacking the Manufacturing Execution System : Leveraging a Programmable Logic Controller on the Shop Floor

Abstract: Background. Automation in production has become a necessity for producing companies to keep up with the demand created by their customers. One way to automate a process is to use a piece of hardware called a programmable logic controller (PLC). A PLC is a small computer capable of being programmed to process a set of inputs, from e.g. sensors, and create outputs, to e.g. actuators, from that. This eliminates the risk of human errors while at the same time speeding up the production rate of the now near identical products. To improve the automation process on the shop floor and the production process in general a special software system is used. This system is known as the manufacturing execution system (MES), and it is connected to the PLCs and other devices on the shop floor. The MES have different functionalities and one of these is that it can manage instructions. Theses instructions can be aimed to both employees and devices such as the PLCs. Would the MES suffer from an error, e.g. in the instructions sent to the shop floor, the company could suffer from a negative impact both economical and in reputation. Since the PLC is a computer and it is connected to the MES it might be possible to attack the system using the PLC as leverage. Objectives. Examine if it is possible to attack the MES using a PLC as the attack origin. Methods. A literature study was performed to see what types of attacks and vulnerabilities that has been disclosed related to PLCs between 2010 and 2018. Secondly a practical experiment was done, trying to perform attacks targeting the MES. Results. The results are that there are many different types of attacks and vulnerabilities that has been found related to PLCs and the attacks done in the practical experiment failed to induce negative effects in the MES used. Conclusions. The conclusion of the thesis is that two identified PLC attack techniques seems likely to be used to attack the MES layer. The methodology that was used to attack the MES layer in the practical experiment failed to affect the MES in a negative way. However, it was possible to affect the log file of the MES in one of the test cases. So, it does not rule out that other MES types are not vulnerable or that the two PLC attacks identified will not work to affect the MES.