
Is Unitronics being targeted by Malware?



https://www.npr.org/2023/12/02/1216735250/iran-linked-cyberattacks-israeli-equipment-water-plants

 

I just saw this post and it caught my attention... To be honest, targeting the Unitronics Vision series could be way too easy.

 

If I recall correctly, once you are in the same network, the Unitronics communication driver DLL doesn't even need the PLC name to connect to the PLC. And the default ports 20256 and 20257 are very well known... Assuming the DLL allows retrieving the PLC name, it's easy to download a new blank program to the PLC.

 

The IP is easier to get if you are already in the network. It is as simple as using an ARP cmd command to scan all the devices and test for ports 20257, 20256 or 502 open... or I am sure that you can tell just by the MAC address.

My suggestion is to add a firewall rule for external incoming connections through those ports if your network is exposed to the internet.

Anyway stay safe.
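One way to check that a firewall rule like the one suggested above is doing its job, as an added example that is not part of the original post: it reads connection-log lines and reports external sources that were allowed through to ports 20256, 20257 or 502. The log format, the internal address ranges and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Ports named in the post: 20256/20257 (Unitronics defaults) and 502.
WATCHED_PORTS = {20256, 20257, 502}

# Assumption: these ranges are the site's trusted internal networks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in an assumed "timestamp src dst dport action" format.
SAMPLE_LOG = """\
2023-12-02T10:00:01Z 192.168.10.25 192.168.10.50 20256 ALLOW
2023-12-02T10:00:07Z 203.0.113.77 192.168.10.50 20256 ALLOW
2023-12-02T10:00:09Z 203.0.113.77 192.168.10.50 20257 DENY
2023-12-02T10:01:12Z 198.51.100.4 192.168.10.51 502 ALLOW
2023-12-02T10:02:30Z 198.51.100.4 192.168.10.51 443 ALLOW
malformed line here
2023-12-02T10:03:00Z 10.1.2.3 192.168.10.50 20257 ALLOW
"""

def external_hits(log_text, internal_nets=INTERNAL_NETS):
    """Map (dst, port) -> sorted external sources that were ALLOWed in."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of failing the audit
        _ts, src, dst, dport, action = fields
        try:
            src_ip = ipaddress.ip_address(src)
            port = int(dport)
        except ValueError:
            continue
        if port not in WATCHED_PORTS or action != "ALLOW":
            continue  # blocked attempts mean the rule worked
        if any(src_ip in net for net in internal_nets):
            continue  # internal traffic is outside this check
        hits[(dst, port)].add(src)
    return {key: sorted(srcs) for key, srcs in hits.items()}

if __name__ == "__main__":
    for (dst, port), sources in sorted(external_hits(SAMPLE_LOG).items()):
        print(f"{dst}:{port} reachable from external {', '.join(sources)}")
```

Any entry in the result means a PLC port accepted a connection from outside the listed internal ranges, so the inbound rule is missing or too permissive for that destination.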

 

 

 

 

 
