thehackernews.com Open in urlscan Pro
2606:4700:20::ac43:4615  Public Scan

Form analysis
2 forms found in the DOM

GET https://www.google.com/cse

<form action="https://www.google.com/cse" id="searchform" method="get"><input autocomplete="off" id="s" name="q" placeholder="Search Here..." type="text">
  <input name="cx" type="hidden" value="partner-pub-7983783048239650:3179771210">
</form>

Name: f1 — POST https://inl02.netline.com/rssnews0001/

<form action="https://inl02.netline.com/rssnews0001/" class="clear cf" id="subform" method="post" name="f1" target="_blank">
  <div class="email-box-h3">Cybersecurity Newsletter — Stay Informed</div>
  <p>Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.</p>
  <div class="email-input">
    <input name="_submit" type="hidden" value="0001">
    <input id="brand" name="brand" type="hidden" value="thehackernews">
    <div class="e-book"><input checked="yes" id="opt_001" name="opt_001" type="checkbox" value="Y"><input checked="yes" id="opt_003" name="opt_003" type="checkbox" value="Y"></div><label class="visuallyhidden" for="input-email">Email</label><input
      class="text" id="input-email" name="email" placeholder="Enter your email address" required="" type="email">
    <button aria-label="Subscribe" id="submitform" type="submit" value="Subscribe"></button>
  </div>
</form>

Text Content

Follow us    


 Subscribe to Newsletter
 *  Home
 *  Newsletter
 *  Offers

 * Home
 * Data Breaches
 * Cyber Attacks
 * Vulnerabilities
 * Malware
 * Offers
 * Contact





Resources
 * THN Store
 * Free eBooks
 * Freebies
 * RSS Feeds

About Site
 * About Us
 * Our Team
 * Jobs
 * Advertise With Us


Contact/Tip Us

Reach out to get featured—contact us to send your exclusive story idea,
research, hacks, or ask us a question or leave a comment/feedback!

Follow Us On Social Media
    
 RSS Feeds  Email Alerts  Telegram Channel



10 CRITICAL FLAWS FOUND IN CODESYS INDUSTRIAL AUTOMATION SOFTWARE

June 04, 2021Ravie Lakshmanan

Cybersecurity researchers on Thursday disclosed as many as ten critical
vulnerabilities impacting CODESYS automation software that could be exploited to
achieve remote code execution on programmable logic controllers (PLCs).

"To exploit the vulnerabilities, an attacker does not need a username or
password; having network access to the industrial controller is enough,"
researchers from Positive Technologies said. "The main cause of the
vulnerabilities is insufficient verification of input data, which may itself be
caused by failure to comply with the secure development recommendations."

The Russian cybersecurity firm noted that it detected the vulnerabilities on a
PLC offered by WAGO, which, among other automation technology companies such as
Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, use CODESYS
software for programming and configuring the controllers.

CODESYS offers a development environment for programming controller applications
for use in industrial control systems. The German software company credited
Vyacheslav Moskvin, Denis Goryushev, Anton Dorfman, Ivan Kurnakov, and Sergey
Fedonin of Positive Technologies and Yossi Reuven of SCADAfence for reporting
the flaws.



Six of the most severe flaws were identified in the CODESYS V2.3 web server
component used by CODESYS WebVisu to visualize a human-machine interface (HMI)
in a web browser. The vulnerabilities could potentially be leveraged by an
adversary to send specially-crafted web server requests to trigger a
denial-of-service condition, write or read arbitrary code to and from a control
runtime system's memory, and even crash the CODESYS web server.

All the six bugs have been rated 10 out of 10 on the CVSS scale —

 * CVE-2021-30189 - Stack-based Buffer Overflow
 * CVE-2021-30190 - Improper Access Control
 * CVE-2021-30191 - Buffer Copy without Checking Size of Input
 * CVE-2021-30192 - Improperly Implemented Security Check
 * CVE-2021-30193 - Out-of-bounds Write
 * CVE-2021-30194 - Out-of-bounds Read

Separately, three other weaknesses (CVSS scores: 8.8) disclosed in the Control
V2 runtime system could be abused to craft malicious requests that may result in
a denial-of-service condition or being utilized for remote code execution.

 * CVE-2021-30186 - Heap-based Buffer Overflow
 * CVE-2021-30188 - Stack-based Buffer Overflow
 * CVE-2021-30195 - Improper Input Validation

Lastly, a flaw found in the CODESYS Control V2 Linux SysFile library
(CVE-2021-30187, CVSS score: 5.3) could be used to call additional PLC
functions, in turn allowing a bad actor to delete files and disrupt critical
processes.



"An attacker with low skills would be able to exploit these vulnerabilities,"
CODESYS cautioned in its advisory, adding it found no known public exploits that
specifically target them.

"Their exploitation can lead to remote command execution on PLC, which may
disrupt technological processes and cause industrial accidents and economic
losses," said Vladimir Nazarov, Head of ICS Security at Positive Technologies.
"The most notorious example of exploiting similar vulnerabilities is by using
Stuxnet."

The disclosure of the CODESYS flaws comes close on the heels of similar issues
that were addressed in Siemens SIMATIC S7-1200 and S7-1500 PLCs that could be
exploited by attackers to remotely gain access to protected areas of the memory
and achieve unrestricted and undetected code execution.



Found this article interesting? Follow THN on Facebook, Twitter  and LinkedIn
to read more exclusive content we post.

SHARE     
Share
Tweet
Share
Share
 Share on Facebook Share on Twitter Share on Linkedin Share on Reddit
Share on Hacker News Share on Email Share on WhatsApp Share on Facebook
Messenger Share on Telegram
Comments
SHARE 
ICS Security, Industrial Automation, PLC Chip, Software, Vulnerability
Popular This Week
IT Firm Globant Confirms Breach after LAPSUS$ Leaks 70GB of Data
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps
Security
Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit
Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac
Devices
New Python-based Ransomware Targeting JupyterLab Web Notebooks
Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

Comments



Latest Stories

Other Stories
Make software security a priority in 2022
Learn more about how security-aware developers represent a vast and largely
untapped resource that can support cyber defenses.
Uncover the secure developer inside every coder
Empower developers to deliver secure coding that is intrinsic to their daily
process.
Java Spring Framework 0-Day Bug Threatens Enterprise Security
Maintainers of Spring Framework have released an emergency patch to address RCE
flaw.
Learn Hacking Skills with 9 Python Courses
Get this video training with lifetime access today for just $39!
Online Courses and Software
A to Z Cybersecurity Certification Training
Get Paid to Hack Computer Networks When You Become a Certified Ethical Hacker.
CompTIA Campus Premium
One-Stop-Shop for All CompTIA Certifications! Get 1-Yr Access to Courses, Live
Hands-On Labs, Practice Exams and Updated Content
Network, Security and Ethical Hacking
Your 28-Hour Roadmap as an Ultimate Security Professional — Master Network
Monitoring, PenTesting, and Routing Techniques and Vulnerabilities
Complete Linux Certification Training
Know Your Way Around Networks and Client-Server Linux Systems — Techniques,
Command Line, Shell Scripting, and More
Cybersecurity Newsletter — Stay Informed

Sign up for cybersecurity newsletter and get latest news updates delivered
straight to your inbox daily.


Email
Follow Us

780,100 Followers

1,985,000 Followers

301,500 Followers

19,500 Subscribers

125,500 Followers
About
 * About Us
 * Advertising
 * Editorial Team
 * Contact

Pages
 * RSS Feeds
 * Deals Store
 * Privacy Policy
 * Jobs

Deals
 * Exclusives
 * Hacking
 * Development
 * Android

 RSS Feeds
 Contact Us
 Telegram Channel
© The Hacker News, 2022. All Rights Reserved.