Industrial Firms Warned of Risk Posed by Cloud-Based ICS Management Systems
The researchers showed how an attacker could go from the cloud-based management console to all managed endpoint devices, and also from the endpoint devices to the management console.
In the first attack, the attacker obtains unauthorized access to the account of a management console operator using stolen credentials or exploits.
"Once attackers gain access to the cloud-based management console, they have a wide attack surface to work with," Claroty researchers explained in a blog post.
In the second scenario described by Claroty, the attacker goes from a single compromised PLC to the cloud-based management console, from where they can target other managed endpoints.
The researchers showed how an attacker could hijack a WAGO PLC by exploiting an unauthenticated remote code execution vulnerability they discovered, then use the integrated CODESYS WebVisu feature to add a new user to the management platform, and leverage that account to take over the CODESYS Automation Server instance.
Claroty has provided some high-level recommendations that industrial organizations should follow to minimize the risk of attacks.