Reid Wightman of security firm IOActive reported an undocumented backdoor in CoDeSys, software that is used to manage equipment in power plants, military environments, and ships.
The flaw allows malicious hackers to access sensitive systems without authorization, Ars reported. The CoDeSys tool grants a command shell to anyone who knows the proper command syntax and inner workings, leaving systems connected to the public Internet open to malicious tampering. "There is absolutely no authentication needed to perform this privileged command," Wightman said.
The software is used in industrial control systems sold by 261 different manufacturers. 3S-Smart Software Solutions, which develops CoDeSys, recently issued an advisory recommending that users set a password. Wightman was nevertheless able to write two exploit tools: codesys-shell.py, which obtains the CoDeSys command shell without authentication, and codesys-transfer.py, which reads or writes files on the PLC without authentication. Both work without any credentials.
This is another serious security vulnerability threatening power plants and other critical infrastructure, both in the United States and elsewhere in the world. Wightman said a simple search on Shodan showed 117 affected devices directly connected to the Internet.
Wightman said that additional details about the issue, along with exploit code that automates the attack, could be added to the Metasploit framework.