3S-Software Bugs Reported

Monday, October 29, 2012 @ 09:10 AM gHale


There is an improper access control vulnerability affecting 3S-Software CoDeSys that could allow an attacker to upload unauthenticated configuration changes to a programmable logic controller (PLC), which may include arbitrary code.

CoDeSys is a third-party product used on PLCs and engineering workstations, according to a report on ICS-CERT. Researcher Reid Wightman released this report without coordination with either the vendor or ICS-CERT.

RELATED STORIES
Huge Number of Net-Facing Devices
Korenix Fixes Vulnerability
GE Mitigates Proficy Holes
SCADA Vulnerability Surfaces

The vendor is aware of the report and is looking into the remotely exploitable vulnerabilities. ICS-CERT issued this alert to provide notice of the report and identify baseline mitigations for reducing risks to these and other cyber security attacks.

The researchers publicly released two tools containing exploit code for these vulnerabilities. The first tool shows where an attacker could obtain a shell on the PLC. The second tool shows how an attacker could transfer arbitrary files to and from the PLC.

The report included vulnerability details for the following vulnerabilities:

The vulnerabilities include improper access control and a directory traversal, which could lead to a loss of integrity, confidentiality and availability.

3S has a Web site where asset owners can look up devices that uses CoDeSys.



Leave a Reply

You must be logged in to post a comment.