Enhancing the operational resilience of CODESYS PLCs : through security assessments using OpenSCAP and vulnerability scanners
Rybakov, Andrii (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025122238841
Abstract
This thesis aimed to investigate methods for enhancing the operational resilience of virtual and physical CODESYS Programmable Logic Controllers (PLCs) by integrating structured security assessments into the operational lifecycle of PLC-based control environments.
The objective was achieved by employing OpenSCAP and established vulnerability scanners to examine configuration weaknesses, outdated dependencies, and unsecured interfaces in both virtualized and hardware PLC deployments. In addition, publicly available Modbus-TCP exploitation frameworks were used to demonstrate realistic attack vectors and to evaluate the operational impact of unauthorized register manipulation and protocol-based denial-of-service activity.
The study demonstrated that a combined methodology of compliance validation and protocol-level adversarial testing provided a practical mechanism for improving resilience. This approach enabled the detection of misconfigurations and the implementation of hardening measures that reinforced fault tolerance in CODESYS‑based PLCs.
