
How to Use Cnspec to Detect Outdated Firmware and Misconfigurations on PLCnext Control

As an example, let's take the PLCnext Control AXC F 2152 from Phoenix Contact, which is based on the ARM Cortex-A9 processor and has an IEC 61131 runtime system. Cnspec is an open source tool that offers different options for scanning the Linux-based PLCnext Control to detect old firmware and misconfigurations. This guide provides step-by-step instructions for scanning a PLCnext Control via the cnspec SSH provider.

  1. Install cnspec on your notebook (Install Guide)

  2. Test the connection and establish a cnspec shell to the PLCnext Control by running the following command:

    cnspec shell ssh admin@192.168.1.10 --ask-pass
    
  3. Execute the following MQL command within the cnspec shell:

    file("/etc/plcnext/arpversion").content
    

As the following output shows, the SSH connection to the PLCnext Control succeeded and the first MQL command returned the content of the firmware version file:

    → loaded configuration from /home/user/.config/mondoo/mondoo.yml using source default
    Enter password: 
    → discover related assets for 1 asset(s)
    → resolved assets resolved-assets=1
     ___ _ __ ___ _ __ ___ ___ 
     / __| '_ \/ __| '_ \ / _ \/ __|
    | (__| | | \__ \ |_) | __/ (__ 
     \___|_| |_|___/ .__/ \___|\___|
     mondoo™ |_| 
    cnspec> file("/etc/plcnext/arpversion").content
    file.content: "Arpversion: 23.0.0.65
    GIT Commit Hash: d755854b5b21ecb8dca26b0a560e6842a0c638d7
    Build Job: \"jenkins-PLCnext-Yocto_Targets-Yocto_AXCF2152-release%2F23.0.x-65\"
    "

  4. Download the PLCnext Technology policy from the public cnspec-policies repository to perform a basic security check by running the following command:

    git clone https://github.com/mondoohq/cnspec-policies
    Cloning into 'cnspec-policies'...
    remote: Enumerating objects: 1075, done.
    remote: Counting objects: 100% (149/149), done.
    remote: Compressing objects: 100% (84/84), done.
    remote: Total 1075 (delta 75), reused 115 (delta 61), pack-reused 926
    Receiving objects: 100% (1075/1075), 699.81 KiB | 402.00 KiB/s, done.
    Resolving deltas: 100% (690/690), done.

  5. Run the following command to perform a complete security scan on the PLCnext Control via SSH:

    cnspec scan ssh admin@192.168.1.10 -f cnspec-policies/community/mondoo-phoenix-plcnext-security.mql.yaml --ask-pass
    

The full output should look like this:

    cnspec scan ssh admin@192.168.1.10 -f cnspec-policies/community/mondoo-phoenix-plcnext-security.mql.yaml --ask-pass
    → loaded configuration from /home/user/.config/mondoo/mondoo.yml using source default
    Enter password: 
    → using service account credentials
    → discover related assets for 1 asset(s)
    → resolved assets resolved-assets=1
     axcf2152 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% score: F
    Asset: axcf2152
    ---------------
    Controls:
    ✕ Fail: Ensure SSH MaxAuthTries is set to 4 or less
    ✓ Pass: Ensure secure permissions on SSH public host key files are set
    ✓ Pass: Ensure only strong MAC algorithms are used
    ✓ Pass: Ensure only strong ciphers are used
    ✓ Pass: Ensure SSH IgnoreRhosts is enabled
    ✓ Pass: Ensure SSH Idle Timeout Interval is configured
    ✕ Fail: Ensure SSH password authentication is disabled
    ✓ Pass: Ensure current system time is synchronized
    ✓ Pass: Ensure only strong Key Exchange algorithms are used
    ✓ Pass: Ensure SSH LoginGraceTime is set to one minute or less
    ✓ Pass: Ensure SSH Protocol is set to 2
    ✓ Pass: Ensure SSH root login is disabled or set to prohibit-password
    ✓ Pass: Ensure SSH LogLevel is appropriate
    ✓ Pass: Ensure SSH PermitUserEnvironment is disabled
    ✓ Pass: Ensure SSH HostbasedAuthentication is disabled
    ✓ Pass: Ensure SSH access is limited
    ✓ Pass: Ensure secure permissions on SSH private host key files are set
    ✓ Pass: Ensure SSH warning banner is configured
    ✕ Fail: Ensure Firewall is active
    ✓ Pass: Ensure SSH PermitEmptyPasswords is disabled
    ✓ Pass: Ensure SSH X11 forwarding is disabled
    ✓ Pass: Ensure latest PLCnext Firmware is installed
    Scanned 1 assets
    For detailed output, run this scan with "-o full".
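
To act on a report like this in a scheduled job, the following added example (not part of the original post or of cnspec itself) parses the text summary and fails when a failed control is not on a waiver list. It assumes the report was saved to a file in the format shown above; the function names and the waiver-file format (one exact control title per line) are hypothetical.

```sh
#!/bin/sh
# Added example: triage a saved cnspec text report (summary format as shown above).

# Constructed sample: abridged copy of the scan summary from this page.
sample_report() {
cat <<'EOF'
Asset: axcf2152
---------------
Controls:
✕ Fail: Ensure SSH MaxAuthTries is set to 4 or less
✓ Pass: Ensure only strong ciphers are used
✕ Fail: Ensure SSH password authentication is disabled
✕ Fail: Ensure Firewall is active
✓ Pass: Ensure latest PLCnext Firmware is installed
Scanned 1 assets
EOF
}

# Read a report on stdin; print the asset name and pass/fail counts.
summarize() {
    awk '/^Asset: /      { asset = $2 }
         /^[^ ]+ Fail: / { fail++ }
         /^[^ ]+ Pass: / { pass++ }
         END { printf "asset=%s pass=%d fail=%d\n", asset, pass, fail }'
}

# Read a report on stdin; print the title of every failed control.
failed_controls() {
    sed -n 's/^[^ ]* Fail: //p'
}

# $1 = report file, $2 = waiver file (hypothetical format: exact titles).
# Prints failed controls that are not waived; never fails on "no matches".
unwaived_failures() {
    failed_controls < "$1" | grep -F -x -v -f "$2" || true
}

# Return 0 only if every failed control is covered by a waiver.
gate() {
    remaining=$(unwaived_failures "$1" "$2")
    [ -z "$remaining" ] && return 0
    printf 'unwaived failed controls:\n%s\n' "$remaining" >&2
    return 1
}

# Demo on the constructed sample.
sample_report | summarize
```

With an empty waiver file every failed control blocks the job, so the three failures in the report above would each need a fix or an explicit waiver entry.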

The open-source cnspec security solution provides a comprehensive approach to identifying vulnerabilities and misconfigurations across both IT and OT systems. By regularly scanning your systems, you can proactively identify and fix potential security issues before they become a problem.

Note:

The Makers Blog shows applications and user stories of community members that are not tested or reviewed by Phoenix Contact. Use them at your own risk.

