Comparative risk assessment across five major PLC families

| Dimension | Rockwell ControlLogix | Siemens S7-1500 | Schneider M580 | ABB AC500-S | Phoenix Contact PLCnext |
|---|---|---|---|---|---|
| Auth [D1] | ✗ Shared key (CVE-2021-22681) | ~ TLS/cert V2.9+ (CVE-2022-38465) | ~ RBAC, CVE-2023-6408 bypass | ✓ IEC 62443 SL2+ role-based | ✓ Cert TLS from inception |
| Protocol [D2] | ~ EtherNet/IP 44818, no encryption | ~ Profinet/S7comm 102, OPC UA | ✗ Dual-protocol (Modbus + EtherNet/IP) | ~ Multi-protocol, configurable | ~ Profinet+OPC UA+MQTT+REST |
| Firmware [D3] | ✗ NO PATCH for CVE-2021-22681 | ✓ Regular SIMATIC patches | ✓ SEVD advisory pipeline | ✓ Signed firmware, ABBX advisories | ✓ Linux pkg management |
| Eng. Coupling [D4] | ✗ Studio 5000 — used by attacker | ~ TIA Portal proprietary | ~ EcoStruxure, DFB poisoning | ~ Automation Builder proprietary | ✓ PLCnext Engineer + open standards |
| Network [D5] | ✗ Air-gap assumed, ~6,000 exposed | ~ Defense-in-depth (SCALANCE) | ~ ConneXium/Tofino partnerships | ✓ IEC 62443 zones and conduits | ✓ Built-in firewall, native VLAN |
| HMI Path [D6] | ✗ PLC owns display, no validation | ~ WinCC — same falsification risk | ~ AVEVA/Wonderware — same risk | ~ Panel Builder, OPC UA | ✓ OPC UA SignAndEncrypt |
| Persistence [D7] | ✗ Open exec — Dropbear deployed | ✓ Hardened firmware, constrained | ~ VxWorks, CVE-2019-6553 RCE | ✓ Proprietary RTOS | ~ Linux — AppArmor available |
| Defaults [D8] | ~ Unitronics phase: 100% default-cred | ✓ Forces password on first config | ✗ Default FTP/HTTP credentials | ✓ Password required at commissioning | ✓ No factory defaults |

Assessment based on TARA analysis generated by OmniTrust Certify. Data sourced from NVD, CISA advisories, vendor documentation, and ICS-CERT.