DigitalElektrotechnik und MedientechnikInstitut ProtectIT
Beitrag (Sammelband oder Tagungsband)
Martin Schramm, Karl Leidl, Robert Wildenauer
Hacking an optics manufacturing machine: You don't see it coming?!
Proceedings of SPIE 11171 (Sixth European Seminar on Precision Optics Manufacturing, 1117101 [April 9th-10th 2019, Teisnach]), Bellingham, WA, USA
With more and more industrial devices getting inter-connected the attack surface for cyber attacks is increasing steadily. In this paper the possible approach of an attacker who got access to the office network at the Institute for Precision Manufacturing and High-Frequency Technology (IPH) to attack one of the optic machines that reside in another network segment is presented. Based on known vulnerabilities from the Common Vulnerabilities and Exposures (CVE), like the shellshock exploit or remote code execution with PsExec, for devices identified in the network, an attacker can bypass the firewall between the office network and the laboratory network and get full access to the HMI of the target machine.