Fernando Castro Posted December 4, 2023 Report Share Posted December 4, 2023 https://www.npr.org/2023/12/02/1216735250/iran-linked-cyberattacks-israeli-equipment-water-plants I just saw this post and it caught my attention... to be honest, targeting unitronics vision series It could be way too easy. If i recall correctly, once you are in the same network, unitronics communication drive dll doesn't even need the PLC name to connect to the PLC. And the default port 20256 and 20257 are very well known... assuming the dll allows retrive the PLC name, its easy to download a new blank program to the PLC. The IP is easier tho get if you are already in the network, Is as simple as using an ARP cmd command to scann all the devices and test for 20257, 20256 or 502 ports open... or I am sure that you can tell just just by the MAC addres. My suggestion is to add a firewall rule for external incoming connections through those ports if you network is exposed to the internet. Anyway stay safe. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.