The research discusses leveraging a firmware modification attack to remotely debug Siemens S7 PLCs by decrypting the SWCPU and modifying the firmware through exploitation of a forgotten debug flag. The method allows setting breakpoints, reading and writing memory, and controlling the SWCPU remotely. The lack of secure boot allows the debugger to persist, which has implications for future research on Siemens S7 PLCs.

Additionally, attackers who control the Windows VM can replace the SWCPU, establish a connection with a malicious server, and control the PLC, demonstrating significant implications for the security of and remote access to these systems.

Talk recording: https://www.youtube.com/watch?v=ZE2OGQLwq-A