The devices tested by the Basecamp Project included the D20 PLC by GE, The Modicon Quantum by Schneider Electric, Rockwell and Koyo Electronics. Each device was tested using a number of additional attack vectors. Researchers attempted to upload custom firmware or so-called “ladder logic” for the device, looked for back door accounts, weak authentication, undocumented features that could be exploited and fuzzed each device for vulnerable services. Here, a grid presents the results of the tests. A green check means the device passed the test. An exclamation mark indicates that researchers found an problem. A red ‘X’ indicates that an exploitable hole was discovered.
Ladder logic
The devices tested by the Basecamp Project included the D20 PLC by GE, The Modicon Quantum by Schneider Electric, Rockwell and Koyo Electronics. Each device was tested using a number of additional attack vectors. Researchers attempted to upload custom firmware or so-called “ladder logic” for the device, looked for back door accounts, weak authentication, undocumented features that could be exploited and fuzzed each device for vulnerable services. Here, a grid presents the results of the tests. A green check means the device passed the test.
