Security News > 2020 > May > Vulnerabilities in SoftPAC Virtual Controller Expose OT Networks to Attacks

Vulnerabilities discovered by a researcher at industrial cybersecurity firm Claroty in Opto 22's SoftPAC virtual programmable automation controller expose operational technology networks to attacks.
SoftPAC has three main components: Monitor, Agent and the virtual controller itself.
"Since the protocol used by SoftPAC Agent does not require any form of authentication, a remote attacker could potentially mimic SoftPAC Monitor, establish a remote connection, and execute start/stop service or firmware update commands. While an attacker could use start/stop commands to cause costly and potentially dangerous operational changes, the firmware update command is an area of even greater concern," Claroty explained in a blog post.
"After initiating a connection with SoftPAC Agent, Claroty researchers used this connection to check whether SoftPAC PLC was currently running," Claroty said.
"Next, they sent a stop command to SoftPAC Agent to stop SoftPAC PLC. After stopping the PLC, they sent a firmware update command containing a network path to a malicious zip file. SoftPAC Agent extracted the zip file and dropped the malicious dynamic-link library file it contained and placed in the same directory as SoftPAC's executable. After delivering the malicious file, Claroty researchers sent a command to restart SoftPAC PLC, causing the malicious DLL to load, thus executing the code with SYSTEM privileges."
News URL
Related news
- Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack (source)
- GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Airplay-enabled devices open to attack via “AirBorne” vulnerabilities (source)
- SonicWall: SMA100 VPN vulnerabilities now exploited in attacks (source)