10 Major Vulnerabilities Identified in CODESYS Industrial Automation Software

Cybersecurity researchers revealed ten significant flaws in CODESYS automation software that could allow remote code execution on programmable logic controllers (PLCs). According to experts from Positive Technologies, an attacker requires only network access to exploit these vulnerabilities—no username or password is necessary. The root cause lies in inadequate input data verification, often due to non-adherence to secure development practices. The Russian cybersecurity firm identified these flaws in a PLC produced by WAGO, which, along with other automation companies like Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, utilizes CODESYS software for programming and configuring their controllers. CODESYS provides a development environment for programming controller applications.

Critical Vulnerabilities Discovered in CODESYS Automation Software

On June 4, 2021, cybersecurity experts released alarming findings regarding multiple vulnerabilities in CODESYS industrial automation software. These vulnerabilities, numbering up to ten, pose significant risks as they can potentially be exploited to enable remote code execution on programmable logic controllers (PLCs). According to researchers from Positive Technologies, the assessments reveal that these exploits can be carried out without requiring any username or password; mere network access to the industrial controller is sufficient for an attacker.

The underlying problem stems from inadequate input data verification. This shortcoming appears to arise from a lack of compliance with secure development practices, which are essential in today’s threat landscape. Such failures in security protocols could lead to severe consequences, placing operational environments at risk of unauthorized access and control.

Among the affected systems, researchers identified vulnerabilities on PLCs manufactured by WAGO. These findings are particularly concerning since various automation technology companies, including Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, rely on CODESYS software for programming and configuring their controllers. The widespread use of this software in industrial environments amplifies the potential impact of these vulnerabilities.

Furthermore, the implications for operational technology (OT) environments are profound, with such vulnerabilities creating avenues for attackers to exploit industrial controls. Given the critical nature of the systems involved, the risk extends beyond standard data breaches; it potentially endangers safety and productivity across affected facilities.

Investigating this incident through the lens of the MITRE ATT&CK framework provides valuable insights into the tactics and techniques that could be at play. Initial access could be achieved through compromised network access, and persistence may be established by manipulating the PLCs themselves. Furthermore, privilege escalation could facilitate greater control over the system, thereby enhancing the gravity of an attack.

As organizations increasingly automate processes and integrate technology, understanding these vulnerabilities becomes paramount. It serves as a cautionary reminder for business owners to prioritize cybersecurity in their operational frameworks, ensuring compliance with secure development guidelines to mitigate such risks.

In light of these developments, vigilance and proactive measures are crucial. Companies must enhance their security postures and revisit their incident response strategies in a landscape where even established software can be susceptible to critical flaws. Continuous monitoring and assessment, informed by the latest intelligence, will be essential in safeguarding against potential exploitation of such vulnerabilities in the future.

Source link

Related Posts

Cisco Issues Security Updates for Critical Vulnerabilities in Its Products

February 26, 2021

Cisco has released a critical security patch for a severe vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO). This flaw potentially enables unauthenticated remote attackers to bypass authentication on compromised devices. According to a recent advisory from the company, “An attacker could exploit this vulnerability by sending a crafted request to the affected API.” A successful exploit could allow the attacker to obtain a token with administrator-level privileges, enabling authentication to the affected MSO and Cisco Application Policy Infrastructure Controller (APIC) devices. Identified as CVE-2021-1388, this vulnerability scores a 10 (out of 10) on the CVSS vulnerability scale and arises from improper token validation in an API endpoint of the Cisco ACI MSO installed on the Application Services Engine. It impacts ACI MSO versions running on the 3.0 software release. The ACI Multi-Site Orchestrator enables customers to monitor and manage their network infrastructure effectively.

Updated ‘unc0ver’ Tool Now Jailbreaks All iPhone Models Running iOS 11.0 – 14.3

March 2, 2021

The popular jailbreaking tool “unc0ver” has received an update that allows it to jailbreak a wide range of iPhone models running iOS versions from 11.0 to 14.3. This update, known as unc0ver v6.0.0, leverages a kernel vulnerability, identified as CVE-2021-1782, which Apple acknowledged was actively exploited as of January. Lead developer Pwn20wnd announced the release on Sunday, emphasizing that the tool can now unlock devices across various iOS versions, including 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3. The vulnerability allows malicious apps to escalate their privileges due to a race condition in the kernel. According to Pwn20wnd, “We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability.” Apple has since addressed this flaw in its updates for iOS and iPadOS 14.

Urgent: New Chrome 0-Day Vulnerability Under Active Exploitation – Update Your Browser Immediately!

On March 3, 2021, just a month after addressing an actively exploited zero-day flaw, Google has released updates for another critical vulnerability in Chrome, which is reportedly being targeted by attackers. The latest version, Chrome 89.0.4389.72, available for Windows, Mac, and Linux, includes a total of 47 security enhancements. The most severe issue addresses an “object lifecycle problem in audio,” tracked as CVE-2021-21166. This vulnerability was among two reported by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate audio-related object lifecycle flaw was reported to Google on February 4, coinciding with the launch of Chrome 88. Though details are limited, it’s unclear whether the two issues are interconnected. Google has confirmed the existence of exploits in the wild but hasn’t provided further specifics. Users are urged to update their browsers without delay.

URGENT: Four Actively Exploited 0-Day Vulnerabilities Found in Microsoft Exchange Server

March 3, 2021

Microsoft has issued emergency patches for four previously undisclosed security vulnerabilities in Exchange Server that are currently being exploited by a new state-sponsored threat actor from China, aimed at data theft. The Microsoft Threat Intelligence Center (MSTIC) describes these attacks as “limited and targeted,” revealing that the adversary exploited these vulnerabilities to gain access to on-premises Exchange servers, allowing them to infiltrate email accounts and install malware for prolonged access to the victim’s environment. Microsoft confidently attributes this campaign to a group known as HAFNIUM, a sophisticated state-sponsored hacker collective based in China, while also suggesting the potential involvement of other groups. In discussing HAFNIUM’s tactics, techniques, and procedures (TTPs), Microsoft highlights the group’s high level of skill and sophistication.