This event has ended. Visit the official site or create your own event on Sched.
Welcome to the Interactive Agenda for SecurityWeek’s 2017 ICS Cyber Security Conference! (View the full conference website here)  (You can register for the conference here)
View analytic
Monday, October 23 • 2:15pm - 3:00pm
Exploiting Industrial Network Communication Devices and HMI Web Panels (Live Hacking Demo)

Sign up or log in to save this to your schedule and see who's attending!

In this presentation, security researcher Bertin Bervis will reveal and demonstrate several web applications vulnerabilities in PLCs, RTUs, weather stations and industrial network communication devices from many well know vendors.

Web vulnerabilities are usually a threat in the web space but now attackers are taking advantage of the same issues present in PLCs  and web HMI interfaces connected to the internet, poor security and the lack of technical web defense are the key to success from remote attackers in critical infrastructures nowadays. 

Human – machine web interfaces are usually present in some PLC models allowing the attacker take advantage of these vulnerabilities from internet connected devices and industrial sensors in order to gain stealth, persistence and code execution remotely. This presentation will demonstrate vulnerabilities in a real live demonstration .  


  • Introduction to the problem of industrial network connected devices to the internet
  • Technical description of the models presented in  the research / examples 
  • Technical analysis of the exploit 
  • Real live hacking demonstration 
  • Recommendations / Conclusions 

avatar for Bertin Bervis

Bertin Bervis

Security Researcher, CyberTrust Spa
Bertin Bervis is a security researcher from Costa Rica currently working for a cyber security firm in Santiago de Chile called CyberTrust Spa. Bertin has spoken at several security conferences around the world, including DEFCON, Blackhat and Ekoparty.

Monday October 23, 2017 2:15pm - 3:00pm
Windsor C