#PLCSecurity

Beckhoff TwinCAT/BSD Vulnerabilities Expose PLCs to Tampering, DoS Attacks

by

August 29, 2024 at 08:06AM Nozomi Networks discovered vulnerabilities in Beckhoff Automation’s TwinCAT/BSD operating system. The Device Manager component has four vulnerabilities, including ‘high severity’ flaws that can be exploited for authentication bypass and cross-site scripting attacks, potentially compromising the PLC administrator’s password. There are also ‘medium severity’ vulnerabilities allowing for PLC denial of service … Read more

Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers 

by

August 2, 2024 at 08:12AM Rockwell Automation’s Logix programmable logic controllers (PLCs) were found to have a high-severity security bypass vulnerability by Claroty. The flaw, tracked as CVE-2024-6242, impacts ControlLogix 1756 devices and other controllers. Both Rockwell and CISA issued advisories and released patches. Exploitation requires network access to the targeted device, presenting serious implications. … Read more

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

by

May 22, 2024 at 08:42AM Rockwell Automation urges customers to disconnect industrial control systems not meant for public internet access due to heightened geopolitical tensions and cyber threats. The U.S. Cybersecurity and Infrastructure Security Agency supports this action, warning of malicious actors targeting operational technology assets. Research also highlights the susceptibility of PLCs to web-based … Read more

Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure

by

March 5, 2024 at 02:55PM The proliferation of programmable logic controllers (PLCs) with embedded Web servers has enabled remote attacks on industrial control systems. A team at the Georgia Institute of Technology has developed Web-based malware to exploit PLCs, manipulatively controlling physical systems and posing severe threats to critical infrastructure and safety. The method provides … Read more

Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers

by

March 4, 2024 at 07:18AM A team of Georgia Tech researchers developed web-based PLC malware, IronSpider, targeting modern PLCs such as Wago, Siemens, and others. This malware exploits web APIs, can persist through updates and hardware replacements, and has potential for real-time data exfiltration and destruction of industrial processes. The researchers also proposed a vendor-agnostic … Read more

Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks

by

November 30, 2023 at 01:46PM Over a decade after the Stuxnet attack, PLCs remain vulnerable due to users not implementing security controls or firmware updates. Researchers bypassed Siemens’ protocol obfuscation, exposing risks in legacy systems. Siemens advises upgrading to newer firmware with TLS and applying stronger security protocols. Meeting Takeaways: 1. Vulnerability to Stuxnet: – … Read more

Hackers breach US water facility via exposed Unitronics PLCs

by

November 29, 2023 at 01:13PM CISA alerts of a cyber intrusion at a U.S. water facility via internet-exposed Unitronics PLCs, without harming drinking water. The agency advises replacing default passwords, using MFA, disconnecting PLCs from the internet, using firewalls, backing up systems, changing ports, and updating firmware to bolster security. Key Takeaways from Meeting Notes: … Read more

New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding

by

October 25, 2023 at 11:15AM A new project presented at the SecurityWeek ICS Cybersecurity Conference aims to assist PLC programmers in implementing secure coding practices. The project analyzes and catalogues useful files and functions from different PLC vendors to provide easy-to-digest information on vendor-specific secure coding practices. Currently, the project covers products from Schneider Electric, … Read more