PLC access control: A security analysis

Haroon Wardak, Sami Zhioua, Ahmad Almulhem

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

28 Scopus citations


A Programmable Logic Controller (PLC) is a very common industrial control system device used to control output devices based on data received (and processed) from input devices. Given the central role that PLCs play in deployed industrial control systems, they have been a preferred target of ICS attackers. A quick search in the ICS-CERT repository reveals that out of a total of 589 advisories, more than 80 target PLCs. The Stuxnet attack, considered the most famous reported incident on ICS, targeted mainly PLCs. Most of the reported PLC incidents are rooted in the fact that the PLC is accessed in an unauthorized way. In this paper, we investigate the PLC access control problem. We discuss several access control models, but we focus mainly on the commonly adopted password-based access control. We show how such a password-based mechanism can be compromised in a realistic scenario, and we list the attacks that can be derived as a consequence. This paper details a set of vulnerabilities targeting recent versions of PLCs (2016) which have not been reported in the literature.

Original language: English
Title of host publication: 2016 World Congress on Industrial Control Systems Security, WCICSS 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Number of pages: 6
ISBN (Electronic): 9781908320636
State: Published - 20 Mar 2017

Publication series

Name: 2016 World Congress on Industrial Control Systems Security, WCICSS 2016

Bibliographical note

Funding Information:
This research was supported by The National Science, Technology and Innovation Plan (NSTIP) grant, NSTIP 13-INF281-04 at King Fahd University of Petroleum and Minerals.

Publisher Copyright:
© 2016 IEEE.


  • Access Control
  • Industrial Control Systems
  • PLC
  • Passwords

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Control and Optimization
  • Artificial Intelligence
  • Computer Networks and Communications
  • Industrial and Manufacturing Engineering
  • Safety, Risk, Reliability and Quality

