The integration of Industrial Internet of Things (IIoT) devices into manufacturing environments has accelerated the transition to Industry 4.0, but has also introduced new cybersecurity risks. This paper conducts a comprehensive security analysis of a commercial smart air compressor, revealing critical vulnerabilities including hardcoded credentials, unauthenticated APIs, and an insecure update mechanism. It includes a formal threat model, demonstrates practical attack scenarios in a testbed environment, and evaluates their subsequent impact on an industrial process, leading to denial of service and the corruption of critical process telemetry. In addition, an analysis of the device's supply chain reveals how product integration from multiple vendors and limited security considerations can expose a device to threats. The findings underscore the necessity of incorporating cybersecurity principles into both IIoT device design and supply chain governance to enhance resilience against emerging industrial cyber threats.

翻译：工业物联网设备在制造环境中的集成加速了向工业4.0的转型，但也引入了新的网络安全风险。本文对一款商用智能空气压缩机进行了全面的安全分析，揭示了包括硬编码凭证、未认证API和不安全更新机制在内的关键漏洞。研究构建了形式化威胁模型，在测试平台环境中演示了实际攻击场景，并评估了其对工业流程的后续影响——可导致拒绝服务及关键流程遥测数据损坏。此外，通过对设备供应链的分析，揭示了来自多个供应商的产品集成与有限的安全考量如何使设备暴露于威胁之中。研究结果强调了将网络安全原则纳入工业物联网设备设计和供应链治理的必要性，以增强对新兴工业网络威胁的抵御能力。