Researchers Find Critical Security Flaws in CoDeSys Automation Software

by ITECHNEWS
June 28, 2022
in Infosec, Leading Stories

Chinese cybersecurity firm NSFOCUS spotted 11 critical security flaws in the CoDeSys automation software.

According to an advisory by the security experts, the vulnerabilities could be exploited to gain unauthorized access to company resources or carry out denial-of-service (DoS) attacks.

“These vulnerabilities are simple to exploit, and they can be successfully exploited to cause consequences such as sensitive information leakage, [programmable logic controllers] (PLCs) entering a severe fault state, and arbitrary code execution,” reads the document.

“In combination with industrial scenarios on [the] field, these vulnerabilities could expose industrial production to stagnation, equipment damage, etc.”

NSFOCUS said it first disclosed the flaws to CoDeSys between September 2021 and January 2022. CoDeSys then released a patch last week, described in two separate advisories.

Of the 11 flaws found by NSFOCUS, the advisories released by the company rate two of them as Critical, seven as High and two as Medium in terms of severity.

For context, the two Critical flaws mentioned in the document each have a Common Vulnerability Scoring System (CVSS) score of 9.8. The first refers to the cleartext use of passwords used to authenticate before carrying out operations on the PLCs, while the second describes a failure to activate password protection as a default option in the CoDeSys Control runtime system.

Exploiting these two flaws may allow malicious actors to gain control of the target PLC device or download a rogue project to a PLC and then execute arbitrary code.

The other flaws discovered by NSFOCUS may lead mainly to DoS conditions.

While CoDeSys has released patches for all these vulnerabilities, NSFOCUS said many vendors who use CoDeSys V2 runtime have not yet updated their software to the latest version.

“Factories using these affected products are still [at] serious risk,” NSFOCUS wrote.

This is not the first time vulnerabilities have been found in the CoDeSys software. A decade ago, a backdoor was found in the software that granted command shell access to anyone who knew the correct syntax.

Source: Alessandro Mascellino Freelance Journalist
Via: Infosecurity Magazine