[Ics-security] Fwd: ICS-ALERT-12-097-01, -02 - WAGO IPC & 3S CoDeSys Vulnerabilities
Kelly Mahoney
mahoney at jlab.org
Fri Apr 6 19:38:50 EDT 2012
IPC = Industrial PC. More automation companies are using IPCs running
PLC software development and PLC emulation programs like CoDeSys with
Linux as the host OS.
Wago manufactures I&C connectivity solutions like terminal blocks, DIN
rail mounted I&C infrastructure and, more recently, compact industrial
automation and network infrastructure (think Phoenix blocks). Knowing
Wago, the product mentioned is likely a re-brand of a generic PLC.
This begs the question - what other re-branded PLCs have the same issue?
Not sure if there are any at JLab.
Many PLCs, HMIs, and programming software more than a year old are
showing up with hard-coded user credentials.
In addition to Wago, CoDeSys is used to program products from Beck,
Sontheim, Brunner, Kuhnke, SETEX, Volkel, Eaton Automation, Lenze,
Messing, Owen, Hilscher, Biviator, cpa Computer Process Automation, E.
Dodd, and TRsystems.
KM
ICS-CERT has released the Alert titled "ICS-ALERT-12-097-01 – WAGO IPC Multiple Vulnerabilities" that can be accessed at www.ics-cert.org or directly through the following link:
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-097-01.pdf.
ICS-CERT has released the Alert titled "ICS-ALERT-12-097-02 – 3S-Software CoDeSys Improper Access Control" that can be accessed at www.ics-cert.org or directly through the following link:
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-097-02.pdf.
ICS-ALERT-12-097-01 – WAGO IPC Multiple Vulnerabilities
Summary
ICS-CERT is aware of a public report of multiple vulnerabilities affecting the WAGO IPC 758-870, which is an embedded Linux programmable logic controller (PLC). According to this report, an attacker could exploit these vulnerabilities to gain unauthorized access or to make unauthenticated configuration changes, which may include arbitrary code. The "Improper Access Control" vulnerability is the same vulnerability identified in ICS-ALERT-12-097-02 – 3S Software CoDeSys Improper Access Control. This report was released by Reid Wightman, Digital Bond, without coordination with either the vendor or ICS-CERT.
ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
The report included vulnerability details for the following vulnerabilities:
Hard-coded Password
Exploitability: Remote
Impact: Loss of integrity
Improper Access Control
Exploitability: Remote
Impact: Loss of integrity, possible arbitrary code execution
===============================================
ICS-ALERT-12-097-02 – 3S-Software CoDeSys Improper Access Control
Summary
ICS-CERT is aware of a public report of an improper access control vulnerability affecting 3S-Software CoDeSys. CoDeSys is a third-party product used on programmable logic controllers and engineering workstations. According to this report, an attacker can upload unauthenticated configuration changes to the PLC, which may include arbitrary code. This report was released by Reid Wightman, Digital Bond, without coordination with either the vendor or ICS-CERT.
ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
The report included vulnerability details for the following vulnerability:
Improper Access Control
Exploitability: Remote
Impact: Loss of integrity
================================================
Please report any issues affecting control systems in critical infrastructure environments to ICS-CERT.
Mitigation
ICS-CERT is currently coordinating with the vendor and security researcher to identify mitigations.
ICS-CERT Operations Center
1-877-776-7585
ics-cert at dhs.gov
www.ics-cert.org