PLC Code-Level Vulnerabilities
Code vulnerabilities in the ladder logic of PLCs (Programmable Logic Controllers) have not been sufficiently addressed in the literature. Most research on PLC threats and attacks focuses on the hardware portion of ICS (Industrial Control Systems) or SCADA (Supervisory Control and Data Acquisition) systems, such as industrial components, peripheral devices, or networks, and does not adequately discuss PLC code-level vulnerabilities and attacks. This paper provides an overview of some critical vulnerabilities within PLC ladder logic code and recommends corresponding steps or methods to keep PLCs safer and more secure. It focuses on ladder logic code vulnerabilities and weak points that might be exploited by malicious attacks. Those weak points could result from malicious code intentionally embedded within the ladder logic, or from inadvertent causes such as bad coding practices or human error.