Let's do PLC Ladder Programing for the traffic light and also hack this!

-

 


Let's do PLC Ladder Programing for the traffic light and also hack this!

Ladder logic is commonly used in the PLC for industrial automation. This post explains:

  1. Provide a traffic light ladder logic program.

  2. Explain in detail how to download this logic to a PLC.

  3. Identify a tag value that could cause a system breakdown.


Step 1: Traffic Light Ladder Logic Program

The following logic simulates a simple traffic light system with Red, Yellow, and Green lights using a timer-based approach.



|----[Start]---------------------[TON T1, 10s]----(Red_Light)---|
|                           |
|                           |----[TON T2, 3s]----(Yellow_Light)---|
|                           |
|                           |----[TON T3, 10s]----(Green_Light)---|
|                           |
|                           |----[TON T4, 1s]----(Cycle_Reset)---|


How It Works:

  1. T1 (10s) → Turns Red Light ON.

  2. T2 (3s) → After Red, Yellow Light turns ON.

  3. T3 (10s) → After Yellow, Green Light turns ON.

  4. T4 (1s) → At the end of Green, the Cycle Resets back to Red.

Step 2: How to Download the Ladder Logic File to a PLC 

Now, let's assume you are completely new to PLC programming. Here’s a step-by-step guide to download and run the logic.

Tools Required

  • A PLC programming software like Siemens TIA Portal, Allen-Bradley Studio 5000, or Codesys.

  • A physical PLC (or a virtual PLC simulator).

  • A USB/Ethernet cable to connect the PC to the PLC.

Step-by-Step Guide to Downloading the Ladder Logic to a PLC

Step 1: Open the PLC Software

  • Launch your PLC programming tool (e.g., Siemens TIA Portal for Siemens PLCs or Studio 5000 for Allen-Bradley PLCs).

Step 2: Create a New Project

  • Select “New Project” and define a name and directory for your project.

  • Choose your PLC model and communication protocol (Ethernet/IP, Modbus, etc.).

Step 3: Write the Ladder Logic

  • Open the Ladder Diagram Editor.

  • Input the Traffic Light Logic using timers (TON) and output coils.

Step 4: Connect to the PLC

  • Plug the USB or Ethernet cable from your PC to the PLC.

  • In the software, select your PLC from the list of detected devices.

Step 5: Compile and Download the Program

  • Click “Compile” to check for errors.

  • If no errors, click “Download to PLC”.

Step 6: Set the PLC to “RUN” Mode

  • Switch the PLC from “STOP” mode to “RUN” mode.

  • The traffic light system will start running in real-time.

Step 3: Identifying the Critical Tag Value That Causes System Breakdown

The system will break down if T4 (Cycle_Reset) fails to trigger.

Problematic Tag: Cycle_Reset (T4)

  • If Cycle_Reset never activates, the lights will freeze at Green.

  • If Cycle_Reset activates too early, the sequence will jump unpredictably between Red, Yellow, and Green.

Fix: Ensure that T4 always gets triggered by checking the logic flow and testing with a PLC simulator before real deployment.


What would happen to the city's (or railroad's) signaling system if a hacker were to exploit a vulnerability in the PLC and change the Cycle_Reset value without permission?

#CPS #OT #XIoT #IoT #IIoT #IoMT #CPSSecurity #OTSecurity #IoTSecurity #CPS보안 #OT보안 #IoT보안

Comments

Post a Comment

Popular posts from this blog

Don't confuse DCS, PLC and SCADA in front of OT specialists

-
Image
DCS, PLC and SCADA are not the same. If you keep talking only about PLC security in front of the Oil&Gas industry executives where DCS is the main focus, they will not recognize you as a proper expert. We need to understand the characteristics of OT systems such as DCS, PLC, and SCADA accurately, also respect each OT culture uniquely and finally approach the sites in the right way. Don't be confused, here’s a clear and accurate explanation of DCS, PLC, and SCADA . 1. Distributed Control System (DCS) Concept A DCS (Distributed Control System) is an automated control system used for large-scale industrial processes that require continuous operation and high reliability. It consists of multiple controllers distributed throughout the system, which communicate with each other to manage complex processes. Key Features Used in large-scale, continuous processes (e.g., oil refineries, power plants). Decentralized control architecture with multiple controllers working together. Pr...
Read more

Top 20 Threat Scenarios & Playbooks for OT Security

-
Image
A comprehensive list of 20 threat scenarios in OT security along with detailed descriptions and detection rules that can help identify and respond to these threats. This playbook-style table covers different types of attacks—from unauthorized access to insider abuse—with corresponding rules and indicators to alert security teams. # Threat Scenario Detailed Description Detection Rules & Indicators 1 Unauthorized Remote Access Attempt An attacker uses stolen or weak credentials to access OT networks remotely. - Log Analysis: Monitor VPN/RDP logs for unusual login times, geolocation mismatches, and failed/successful login bursts. - User Behavior Analytics (UBA): Alert on deviations from normal remote access patterns. - Anomaly Detection: Trigger an alert when a remote session is initiated from an unusual IP or geographic region. 2 Malware/Ransomware Infiltration in OT Network Malicious code is introduced into the OT network via compromised endpoints or phishing, potentially encr...
Read more

Let's create our own ICS Labs in the VMs!

-
Image
Let's create our own ICS Labs in the VMs: A Step-by-Step Guide Building an Industrial Control System (ICS) lab in a virtualized environment allows security researchers, engineers, and penetration testers to safely simulate industrial networks, study threats, and test security defenses. Below is a detailed step-by-step guide to creating an ICS lab , including HMI, EWS, PLC, and other critical components. 1. Lab Architecture Overview Key Components in an ICS Lab: HMI: Graphical interface for controlling industrial processes. Engineering Workstation (EWS): Used to configure PLCs and SCADA systems. PLC: Controls physical processes (e.g., motors, valves). SCADA System: Supervisory control and monitoring of ICS networks. Historian: Logs and stores process data for analysis. Networking Components: Virtualized switches, routers, and firewalls to segment ICS networks. Attacker Machine: Kali Linux or Metasploit for penetration testing. 2. Choosing the Virtualization ...
Read more