Vulnerabilities in SoftPAC Virtual Controller Expose OT Networks to Attacks (Security News, May 2020)
Vulnerabilities discovered by a researcher at industrial cybersecurity firm Claroty in Opto 22's SoftPAC virtual programmable automation controller expose operational technology networks to attacks.
SoftPAC has three main components: Monitor, Agent and the virtual controller itself.
"Since the protocol used by SoftPAC Agent does not require any form of authentication, a remote attacker could potentially mimic SoftPAC Monitor, establish a remote connection, and execute start/stop service or firmware update commands. While an attacker could use start/stop commands to cause costly and potentially dangerous operational changes, the firmware update command is an area of even greater concern," Claroty explained in a blog post.
"After initiating a connection with SoftPAC Agent, Claroty researchers used this connection to check whether SoftPAC PLC was currently running," Claroty said.
"Next, they sent a stop command to SoftPAC Agent to stop SoftPAC PLC. After stopping the PLC, they sent a firmware update command containing a network path to a malicious zip file. SoftPAC Agent extracted the zip file and dropped the malicious dynamic-link library file it contained and placed it in the same directory as SoftPAC's executable. After delivering the malicious file, Claroty researchers sent a command to restart SoftPAC PLC, causing the malicious DLL to load, thus executing the code with SYSTEM privileges."
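
As an added illustration (not Opto 22's or Claroty's code), the sketch below shows pre-extraction checks that would block the update sequence described above: a hypothetical handler refuses remote source paths, requires the archive to match a pinned SHA-256 digest (a stand-in for signature verification), and rejects entries that are executables or escape the target directory. All function names, paths and sample archives are constructed assumptions.

```python
import hashlib
import io
import zipfile
from pathlib import PureWindowsPath

# Assumed policy: a firmware package never carries Windows executables.
BLOCKED_SUFFIXES = {".dll", ".exe", ".sys"}


def build_zip(entries):
    """Build an in-memory zip from {name: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def is_remote_path(path):
    """True for UNC paths and URL-style locations."""
    return path.replace("/", "\\").startswith("\\\\") or "://" in path


def check_update(source_path, archive_bytes, trusted_sha256):
    """Return a list of policy violations; an empty list means extraction may proceed."""
    problems = []
    if is_remote_path(source_path):
        problems.append("remote source path")
    if hashlib.sha256(archive_bytes).hexdigest() not in trusted_sha256:
        problems.append("archive digest not in trusted set")
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            win = PureWindowsPath(name)
            if win.drive or ".." in win.parts or name.startswith(("/", "\\")):
                problems.append(f"entry escapes target directory: {name}")
            if win.suffix.lower() in BLOCKED_SUFFIXES:
                problems.append(f"executable entry: {name}")
    return problems


# Constructed samples: a benign package and one shaped like the archive in the report.
GOOD = build_zip({"firmware.bin": b"\x00" * 16, "manifest.txt": b"version=constructed"})
BAD = build_zip({"payload.dll": b"MZ constructed"})
TRUSTED = {hashlib.sha256(GOOD).hexdigest()}

if __name__ == "__main__":
    print(check_update("C:\\updates\\fw.zip", GOOD, TRUSTED))
    print(check_update("\\\\203.0.113.5\\share\\fw.zip", BAD, TRUSTED))
```

String checks cannot recognise a mapped network drive, and none of these checks replaces authenticating the peer that sends the update command.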