#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

PLC Chip | Breaking Cybersecurity News | The Hacker News

Category — PLC Chip
10 Critical Flaws Found in CODESYS Industrial Automation Software

10 Critical Flaws Found in CODESYS Industrial Automation Software

Jun 04, 2021
Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough," researchers from Positive Technologies  said . "The main cause of the vulnerabilities is insufficient verification of input data, which may itself be caused by failure to comply with the secure development recommendations." The Russian cybersecurity firm noted that it detected the vulnerabilities on a PLC offered by WAGO, which, among other automation technology companies such as Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, use CODESYS software for  programming and configuring  the controllers. CODESYS offers a development environment for programming controller applications for use ...
A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely

A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely

May 31, 2021
Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "holy grail." The memory protection bypass vulnerability, tracked as CVE-2020-15782 (CVSS score: 8.1), was discovered by operational technology security company Claroty by reverse-engineering the MC7 / MC7+ bytecode language used to execute PLC programs in the microprocessor. There's no evidence that the weakness was abused in the wild. In an  advisory  issued by Siemens, the German industrial automation firm said an unauthenticated, remote attacker with network access to TCP port 102 could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. "Ach...
Don't Overlook These 6 Critical Okta Security Configurations

Don't Overlook These 6 Critical Okta Security Configurations

Feb 10, 2025Identity Security / Data Protection
Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this prominence has made it a prime target for cybercriminals who seek access to valuable corporate identities, applications, and sensitive data. Recently, Okta warned its customers of an increase in phishing social engineering attempts to impersonate Okta support personnel. Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with how continuous monitoring of your Okta security posture helps you avoid miscon...
Expert Insights / Articles Videos
Cybersecurity Resources