Abstract
CNC machines are largely used in production plants and constitute a critical asset for organizations globally. The strong push dictated by the Industry 4.0 paradigm led to the introduction of technologies for the wide connectivity of industrial equipment. As a result, modern CNCs resemble more to fully fledged systems rather than mechanical machines, offering numerous networking services for smart connectivity. This work explores the risks associated with the strong technological development observed in the domain of CNC machines. We performed an empirical evaluation of four representative controller manufacturers, by analyzing the technologies introduced to satisfy the needs of the Industry 4.0 paradigm, and conducting a series of practical attacks against real-world CNC installations. Our findings revealed that malicious users could abuse of such technologies to conduct attacks like denial-of-service, damage, hijacking or data theft. We reported our findings to the affected controller vendors and proposed mitigation. This work wants to be an opportunity to raise awareness in a domain in which, unfortunately, security doesn’t seem to be, yet, an important driver.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Some attacks are reported multiple times because consisting of attack variations. For example, a malicious user can modify the geometry of a tool to achieve damage, hijacking, or denial-of-service - depending on the type of machine and manufacturing process.
Vice versa, the same user can conduct several attacks to achieve the same goal. For example, an attacker can take control of the production of an exposed CNC by hijacking a parametric program, by modifying the geometry of a tool to introduce a micro-defect, or by changing the executed program.
References
Balduzzi, M., Bongiorni, L., Flores, R., Lin, P., Perine, C., Vosseler, R.: Lost in translation: when industrial protocol translation goes wrong. Trend Micro (2020)
Maggi, F., et al.: Smart factory security: a case study on a modular smart manufacturing system. Procedia Comput. Sci. 180, 666–675 (2021)
Quarta, D., Pogliani, M., Polino, M., Maggi, F., Zanchettin, A.M., Zanero, S.: An experimental security analysis of an industrial robot controller. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 268–286. IEEE (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Balduzzi, M., Sortino, F., Castello, F., Pierguidi, L. (2023). An Empirical Evaluation of CNC Machines in Industry 4.0 (Short Paper). In: Hämmerli, B., Helmbrecht, U., Hommel, W., Kunczik, L., Pickl, S. (eds) Critical Information Infrastructures Security. CRITIS 2022. Lecture Notes in Computer Science, vol 13723. Springer, Cham. https://doi.org/10.1007/978-3-031-35190-7_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-35190-7_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35189-1
Online ISBN: 978-3-031-35190-7
eBook Packages: Computer ScienceComputer Science (R0)