A metasploit-based exploiting approach to PLC vulnerabilities
Haroon, Inshal (2025)
Master's Programme in Information Technology
Faculty of Information Technology and Communication Sciences
Acceptance date
2025-06-11
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:tuni-202506096993
Abstract
Automation of operations in critical infrastructures relies heavily on Programmable Logic Controllers (PLCs) for control in Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) environments. However, their convergence with IT networks has extended the attack surface and increased the risk of protocol-level exploits and denial-of-service (DoS) attacks. This project simulates and evaluates real-world attack scenarios on a custom-developed Modbus TCP-based PLC simulator in order to assess the effectiveness and impact of common offensive techniques.
Implementation involved building a Python-based PLC simulator using the pymodbus library and deploying it inside a controlled Kali Linux virtual environment. A number of attacks were executed using the Metasploit Framework's Modbus client and a custom Python script for DoS. Attacks included unauthorized coil and register reads and writes, device identity enumeration, and continuous flooding to exhaust system resources. Each event was monitored through terminal logs and system resource tools.
Results show several ways in which an unsecured or unauthenticated Modbus configuration can suffer data exfiltration, control-signal manipulation, and service disruption. For instance, write operations were reflected directly in the simulator's internal state without any validation, while the persistent traffic generated by the DoS script raised CPU load and ultimately disrupted operation of the simulator within two minutes. This clearly demonstrates how protocol misuse is applied in real-world ICS exploitation, as well as a significant vulnerability in many legacy systems.
The present study therefore reiterates the immediate need for security improvements, including access control, rate limiting, and anomaly detection capabilities. By applying real-world attack vectors in a realistic but safe virtual environment, this work can be used by engineers, integrators, and security professionals to harden their ICS infrastructure against evolving threats.
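As an added illustration of the access-control and rate-limiting measures recommended above (example code written for this page, not part of the thesis or its pymodbus simulator), the following pure-Python guard parses the MBAP header of a Modbus/TCP request and denies write function codes from hosts outside an allowlist, as well as any source exceeding a per-window request budget; the host addresses and thresholds are constructed values.

```python
import struct
from collections import defaultdict, deque

# Modbus function codes that change PLC state (coils / holding registers).
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}
MBAP_FORMAT = ">HHHB"  # transaction id, protocol id, length, unit id (big-endian)

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the MBAP header and function code of one Modbus/TCP request."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(MBAP_FORMAT, frame[:7])
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(frame) - 6:  # MBAP length covers unit id plus PDU
        raise ValueError("MBAP length does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}

class ModbusGuard:
    """Allowlist, write restriction and per-source rate limit in front of a Modbus server."""
    def __init__(self, writers, max_per_window, window_s):
        self.writers = set(writers)        # hosts permitted to change PLC state
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.history = defaultdict(deque)  # source -> timestamps of recent requests

    def check(self, source: str, frame: bytes, now: float) -> str:
        """Return 'allow' or a deny reason for one request from `source` at time `now`."""
        q = self.history[source]
        q.append(now)
        while q and now - q[0] > self.window_s:   # drop timestamps outside the window
            q.popleft()
        if len(q) > self.max_per_window:           # flood: too many requests in the window
            return "deny: rate limit exceeded"
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as exc:
            return f"deny: malformed ({exc})"
        if req["function"] in WRITE_FUNCTIONS and source not in self.writers:
            return f"deny: write function 0x{req['function']:02X} from unauthorized host"
        return "allow"

def build_request(tid: int, unit: int, function: int, data: bytes) -> bytes:
    """Construct a Modbus/TCP request frame (used only to build constructed sample traffic)."""
    pdu = bytes([function]) + data
    return struct.pack(MBAP_FORMAT, tid, 0, len(pdu) + 1, unit) + pdu

if __name__ == "__main__":
    guard = ModbusGuard(writers={"10.0.0.5"}, max_per_window=20, window_s=1.0)
    print(guard.check("10.0.0.9", build_request(1, 1, 0x05, b"\x00\x00\xff\x00"), 0.0))
```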
