Security News > 2021 > July > Several New Critical Flaws Affect CODESYS Industrial Automation Software
Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller platform that could be remotely exploited to take control of a company's cloud operational technology infrastructure.
The flaws can be turned "Into innovative attacks that could put threat actors in position to remotely control a company's cloud OT implementation, and threaten any industrial process managed from the cloud," the New York-headquartered industrial security company Claroty said in a report shared with The Hacker News, adding they "Can be used to target a cloud-based management console from a compromised field device, or take over a company's cloud and attack PLCs and other devices to disrupt operations."
In a complex "Bottom-up" exploit chain devised by Claroty, a mix of CVE-2021-34566, CVE-2021-34567, and CVE-2021-29238 were exploited to obtain remote code execution on the WAGO PLC, only to gain access to the CODESYS WebVisu human-machine interface and stage a cross-site request forgery attack to seize control of the CODESYS automation server instance.
An alternate "Top-down" attack scenario, on the other hand, involves compromising the CODESYS engineering station by deploying a malicious package that's designed to leak the cloud credentials associated with an operator account, and subsequently using it to tamper with the programmed logic and gain unfettered access to all the connected PLCs. "Organizations moving forward with cloud-based management of OT and ICS devices must be aware of the inherent risks, and increased threats from attackers keen on targeting industrial enterprises with extortion-based attacks-including ransomware-and more sophisticated attacks that can cause physical damage," Katz said.
The disclosures mark the second time critical flaws that have been uncovered in CODESYS and WAGO PLCs in as many months.
In June, researchers from Positive Technologies revealed ten critical vulnerabilities in the software's web server and runtime system components that could be abused to gain remote code execution on the PLCs. The development also comes a week after IoT security firm Armis disclosed a critical authentication bypass vulnerability affecting Schneider Electric Modicon PLCs - dubbed "ModiPwn" - that could be exploited to allow full control over the PLC, including overwriting critical memory regions, leaking sensitive memory content, or invoking internal functions.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/BnByrOj1RPU/several-new-critical-flaws-affect.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-09 | CVE-2021-34567 | Out-of-bounds Read vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. | 8.2 |
2022-11-09 | CVE-2021-34566 | Classic Buffer Overflow vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. | 9.1 |
2021-05-03 | CVE-2021-29238 | Cross-Site Request Forgery (CSRF) vulnerability in Codesys Automation Server CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). | 6.8 |