Commonly found SCADA / IOT/ OT / ICS security issues

Commonly found SCADA / IOT / OT / ICS security issues

Purdue model

Perdue Model ICS Security
  • Applying traditional corporate IT policies to the SCADA environment
  • Default passwords
  • No segregation of network/duties
  • RTUs PLCs can be accessed through a web interface
  • Obsolete OS, missing patch levels, lack of AV support in fear of system disruption
  • No application and OS hardening
  • Some common ports are enabled (SSH, SNMP, telnet) potentially vulnerable to DOS attack
  • Control Room with full access and auto logins
No alt text provided for this image


Hirschmann, Tofino, ProSoft, Claroty, and Forescout., Nomzi, Dragos

Leave a Reply