21 July 2021, Kathmandu
Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities affecting the CODESYS automation software and the WAGO Programmable Logic Controller (PLC) platform. These vulnerabilities can be remotely exploited to take control of a company’s cloud operational technology (OT) infrastructure.
“These issues could convert into creative attacks which enable malicious actors to remotely control the enterprise’s cloud OT implementation as well as threaten any industrial process managed from the cloud,” New York-based industrial security company Claroty said in a report shared with The Hacker News, adding that “they can be used to target cloud-based management consoles from infected field devices, or to control the company’s cloud and attack PLCs and other devices to disrupt operations.”
In essence, the attacks can proceed in two ways: “bottom-up” or “top-down.” The two approaches mirror the paths an attacker might take: either controlling a PLC endpoint in order to eventually compromise the cloud-based management console, or, conversely, controlling the cloud to manipulate all networked field devices. In the complex “bottom-up” exploit chain designed by Claroty, a combination of CVE-2021-34566, CVE-2021-34567, and CVE-2021-29238 is used to obtain remote code execution on the WAGO PLC, only to then access the CODESYS WebVisu human-machine interface and perform a cross-site request forgery (CSRF) attack to take control of the CODESYS automation server instance.
The alternative “top-down” attack scenario, on the other hand, involves deploying a malicious package (CVE-2021-29240) to compromise the CODESYS engineering station. The package is designed to leak the cloud credentials associated with an operator account, which are then used to manipulate the program logic and gain unrestricted access to all connected PLCs.