ID: IRCNE2012101661
Date: 2012-10-30
According to "techworld", CoDeSys, a piece of software running on industrial control systems (ICS) from over 200 vendors contains a vulnerability that allows potential attackers to execute sensitive commands on the vulnerable devices without the need for authentication, according to a report from security consultancy Digital Bond.
The vulnerability was discovered by former Digital Bond researcher Reid Wightman as part of Project Basecamp, an ICS security research initiative launched by Digital Bond last year.
The vulnerability is located in the CoDeSys runtime, an application that runs on programmable logic controller (PLC) devices. PLCs are digital computers that control and automate electromechanical processes in power plants, oil and gas refineries, factories and other industrial or military facilities.
The CoDeSys runtime allows PLCs to load and execute so-called ladder logic files that were created using the CoDeSys development toolkit on a regular computer. These files contain instructions that affect the processes controlled by the PLCs.
The vulnerability and scripts were tested on only a handful of products from the 261 potentially affected vendors, Digital Bond founder and CEO Dale Peterson said Thursday in a blog post. One of those PLCs was running Linux on an x86 processor while another was running Windows CE on an ARM processor.
"This attack can be used not only to control the PLC but also to turn the PLC into an 'agent' to attack other devices in the network," Ruben Santamarta, a security researcher from security firm IOActive, said Friday via email.
The vulnerability is only exploitable by an attacker who already has access to the network where the PLC runtime operates, Schwellinger said. Runtime systems should not be accessible from the Internetunless additional protection is in place, he said.
Meanwhile, users of the affected products can implement network segmentation, access control lists, firewalls and intrusion prevention systems, Santamarta said.
- 5