Fernando Castro Posted December 4, 2023

https://www.npr.org/2023/12/02/1216735250/iran-linked-cyberattacks-israeli-equipment-water-plants

I just saw this post and it caught my attention... To be honest, targeting the Unitronics Vision series could be way too easy. If I recall correctly, once you are in the same network, the Unitronics communication driver DLL doesn't even need the PLC name to connect to the PLC. And the default ports 20256 and 20257 are very well known... Assuming the DLL allows retrieving the PLC name, it's easy to download a new blank program to the PLC. The IP is easier to get if you are already in the network; it is as simple as using an ARP cmd command to scan all the devices and test for open 20257, 20256 or 502 ports... or I am sure that you can tell just by the MAC address.

My suggestion is to add a firewall rule for external incoming connections through those ports if your network is exposed to the Internet. Anyway, stay safe.
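Added example, not part of the original post: one way to check whether the firewall rule suggested above is actually holding, by auditing flow records for external sources reaching the ports named in the post (20256, 20257, 502). The log format, the `192.168.1.0/24` site LAN and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ports named in the post: Unitronics defaults plus 502.
PLC_PORTS = {20256, 20257, 502}

# Assumed site LAN; anything outside it is treated as external.
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample flow records (not real traffic):
# "timestamp src dst dport action"
SAMPLE_LOG = """\
2023-12-04T10:00:01 192.168.1.50 192.168.1.10 20256 ACCEPT
2023-12-04T10:00:07 203.0.113.44 192.168.1.10 20256 ACCEPT
2023-12-04T10:01:12 198.51.100.9 192.168.1.10 502 DROP
2023-12-04T10:02:30 203.0.113.44 192.168.1.10 443 ACCEPT
2023-12-04T10:03:02 198.51.100.9 192.168.1.11 20257 ACCEPT
malformed line
"""

def is_external(addr):
    """True when addr is outside every configured internal network."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on bad input
    return not any(ip in net for net in INTERNAL_NETS)

def audit(log_text):
    """Return (allowed, blocked) lists of external flows to PLC ports."""
    allowed, blocked = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, dport, action = parts
        try:
            port = int(dport)
            external = is_external(src)
        except ValueError:
            continue  # unparsable port or address
        if port not in PLC_PORTS or not external:
            continue
        target = allowed if action == "ACCEPT" else blocked
        target.append((ts, src, dst, port))
    return allowed, blocked

if __name__ == "__main__":
    allowed, blocked = audit(SAMPLE_LOG)
    for ts, src, dst, port in allowed:
        print(f"EXPOSED {ts} {src} -> {dst}:{port}")
    print(f"{len(blocked)} external attempt(s) already dropped")
```

Any record in the `allowed` list means an external source reached a PLC port, so the firewall rule is missing or not matching that path.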