Q Series PLC Security Assessment

[Guest Tim Wagner]

We have a number of Q series units and we have found that they are susceptible to port scans that are carried out to assess the security of the corporate network. The port scan looks for open ports on the ethernet port, such as telnet, ftp, etc. This was specific to the Mitsubishi units - other makes have not been impacted.

[panic mode 246]

what do you mean by "they are susceptible to port scans"?

[Guest T. Wagner]

My meaning of susceptible in this case means the PLC actually was knocked offline of the ethernet network during this type of scanning. In using the exact type of scanning against other PLC's (OMRON, A-B) they continued to work fine. Even the Mitsubishi PLC would continue to communicate to the equipment it was attached to, but was offline to the network. Security assessments may be done periodically, so any idea what may be at the root of this? I would imagine it is either a reaction to the volume of traffic or the scanning across ports.

[panic mode 246]

sounds interesting, i didn't notice such problem... do you get error on the PLC ethernet card? maybe it's not configured correctly. i'm still not quite sure i understand this: "Even the Mitsubishi PLC would continue to communicate to the equipment it was attached to, but was offline to the network." What other equipment and what network? Does it mean that: - there are other ethernet devices (other than port scanning node) connected to same Ethernet network? or something else (melsecnet or whatever) - those ethernet devices continue to communicate to plc and rest of the network (such as port scanning node) cannot reach PLC? or it means that NOTHING can access PLC through Ethernet port after port scan (meaning that "other equipment" is not on ethernet)? on the other hand - why do you have production network (PLCs) together with everything else on corporate network? just testing how lucky you are and how much office traffic affects the production or data collection...? and what software you use for scanning ports? how frequently it scans the network?

[Guest Tmu]

I have had exact same type of problems. I can occur for exaple, when certain amount of Q's are connected to ethernet Lan of W-lan. We have fixed buffer and several E-terminals connected and one OPC. Everything seems to be OK, no error messages, but eth-card goes offline. Problem was solved when all the ethernet-cards were updated, QJ71E71-100. We send ours to Germany and that is it. Stange thing is that RJ45 is installed to different way in newer version cards. I mean the pin direction.