Security News

Web-based PLC malware: A new potential threat to critical infrastructure
2024-03-07 11:45

"Our Web-Based PLC malware resides in PLC memory, but ultimately gets executed client-side by various browser-equipped devices throughout the ICS environment. From there, the malware uses ambient browser-based credentials to interact with the PLC's legitimate web APIs to attack the underlying real-world machinery," the researchers explained. "While previous attacks on PLCs infect either the control logic or firmware portions of PLC computation, our proposed malware exclusively infects the web application hosted by the emerging embedded webservers within the PLCs," the researchers noted.

Microsoft ICSpector: A leap forward in industrial PLC metadata analysis
2023-12-14 04:30

Please turn on your JavaScript for this page to function normally. Microsoft ICSpector is an open-source forensics framework that enables the analysis of industrial PLC metadata and project files.

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities
2023-12-04 13:46

Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers, US and Israeli authorities have said in a joint cybersecurity advisory. CyberAv3ngers targeting Unitronics PLCs. CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series PLC at a water system facility in Pennsylvania, and urged other water authorities to promptly secure their Unitronics PLCs. The agency has advised them to change the default password and port used by the PLC, disconnect it from the open internet or secure remote access by using firewall, VPN and multi-factor authentication, create configuration backups, and update the PLC/HMI to the latest available version.

CISA urges water facilities to secure their Unitronics PLCs
2023-11-30 15:01

News that Iran-affiliated attackers have taken over a programmable logic controller at a water system facility in Pennsylvania has been followed by a public alert urging other water authorities to immediately secure their own PLCs. "The cyber threat actors likely accessed the affected device-a Unitronics Vision Series PLC with a Human Machine Interface-by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet," the Cybersecurity and Infrastructure Security Agency noted. Finally, CISA says, organizations should back up the logic and configurations on any Unitronics PLCs, so that "In the event of being hit by ransomware", they can quickly reset the devices and restore the configurations.

Hackers breach US water facility via exposed Unitronics PLCs
2023-11-29 18:07

CISA is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers exposed online. PLCs are crucial control and management devices in industrial settings, and hackers compromising them could have severe repercussions, such as water supply contamination through manipulating the device to alter chemical dosing.

Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.
2023-11-29 13:02

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that it's responding to a cyber attack that involved the active exploitation of Unitronics programmable logic controllers...

Microsoft: Codesys PLC bugs could be exploited to 'shut down power plants'
2023-08-11 19:40

Fifteen bugs in Codesys' industrial control systems software could be exploited to shut down power plants or steal information from critical infrastructure environments, experts have claimed. In a report and more published on GitHub, Microsoft threat intel specialist Vladimir Tokarev says the Windows giant - no stranger to security holes, cough - disclosed details of vulnerabilities in the Codesys V3 SDK to the Germany-based vendor in September 2022.

Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
2023-08-11 14:33

Millions of PLC used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS V3 software development kit, allowing remote code execution and denial of service attacks. Over 500 device manufacturers use the CODESYS V3 SDK for programming on more than 1,000 PLC models according to the IEC 61131-3 standard, allowing users to develop custom automation sequences.

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
2023-02-16 13:18

Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 and CVE-2022-45789, are part of a broader collection of security defects tracked by Forescout as OT:ICEFALL. Successful exploitation of the bugs could enable an adversary to execute unauthorized code, denial-of-service, or disclosure of sensitive information.

Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773)
2023-01-12 15:29

Red Balloon Security disclosed multiple, critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow for bypass of all protected boot features. Exploitation of these vulnerabilities could allow offline attackers to generate arbitrary encrypted firmware that are bootable on all Siemens S7-1500 series PLC CPU modules.