#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

PLC Hacking | Breaking Cybersecurity News | The Hacker News

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

Feb 16, 2023 Critical Infrastructure / Cybersecurity
Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution. The flaws, tracked as  CVE-2022-45788  (CVSS score: 7.5) and  CVE-2022-45789  (CVSS score: 8.1), are part of a  broader collection  of  security defects  tracked by Forescout as OT:ICEFALL. Successful exploitation of the bugs could enable an adversary to execute unauthorized code, denial-of-service, or disclosure of sensitive information. The cybersecurity company said the shortcomings can be chained by a threat actor with known flaws from other vendors (e.g.,  CVE-2021-31886 ) to achieve deep lateral movement in operational technology (OT) networks. "Deep lateral movement lets attackers gain deep access to industrial control systems and cross often overlooked security perimeters, allowing them to perform highly granular and stealthy manipulations as well as override funct
Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

Oct 12, 2022
A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related  TIA Portal , while bypassing all four of its  access level protections ," industrial cybersecurity company Claroty  said  in a new report. "A malicious actor could use this secret information to compromise the entire SIMATIC S7-1200/1500 product line in an irreparable way." The critical vulnerability, assigned the identifier  CVE-2022-38465 , is rated 9.3 on the CVSS scoring scale and has been addressed by Siemens as part of security updates issued on October 11, 2022. The list of impacted products and versions is below - SIMATIC Drive Controller family (all versions before 2.9.2) SIMATIC ET 200SP Open Controller CPU 1515SP PC2, including SIPLUS variants (all
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel

Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel

Sep 12, 2022
A hacktivist collective called  GhostSec  has claimed credit for compromising as many as 55 Berghof programmable logic controllers ( PLCs ) used by Israeli organizations as part of a "Free Palestine" campaign. Industrial cybersecurity firm OTORIO, which  dug deeper  into the incident, said the breach was made possible owing to the fact that the PLCs were accessible through the Internet and were secured by trivially guessable credentials. Details of the compromise first came to light on September 4 after GhostSec shared a video on its Telegram channel demonstrating a successful login to the PLC's admin panel, in addition to dumping data from the hacked controllers. The Israeli company said the system dumps and screenshots were exported directly from the admin panel following unauthorized access to the controllers through their public IP addresses. GhostSec (aka Ghost Security), first identified in 2015, is a self-proclaimed  vigilante group  that was initially formed
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks

New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks

Aug 16, 2022
Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers ( PLCs ) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed " Evil PLC " attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO, and Emerson. Programmable logic controllers are a crucial component of industrial devices that control manufacturing processes in critical infrastructure sectors. PLCs, besides orchestrating the automation tasks, are also configured to start and stop processes and generate alarms. It's hence not surprising that the entrenched access provided by PLCs have made the machines a focus of sophisticated attacks for more than a decade, starting from  Stuxnet to PIPEDREAM  (aka INCONTROLLER), with the goal of causing physical disruptions.  "The
Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems

Jul 18, 2022
Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson  said . "Further, the software was a malware dropper, infecting the machine with the Sality malware and turning the host into a peer in Sality's peer-to-peer botnet." The industrial cybersecurity firm said the password retrieval exploit embedded in the malware dropper is designed to recover the credential associated with Automation Direct  DirectLOGIC 06 PLC . The exploit, tracked as CVE-2022-2003 (CVSS score: 7.7), has been described as a case of cleartext transmission of sensitive data that could lead to information disclosure and unauthorized changes. The issue was  addressed  in firmware Version 2.72 rele
Critical Security Flaws Identified in CODESYS ICS Automation Software

Critical Security Flaws Identified in CODESYS ICS Automation Software

Jun 27, 2022
CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service (DoS) condition, among others.  "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause consequences such as sensitive information leakage, PLCs entering a severe fault state, and arbitrary code execution," Chinese cybersecurity firm NSFOCUS  said . "In combination with industrial scenarios on the field, these vulnerabilities could expose industrial production to stagnation, equipment damage, etc." CODESYS is a  software   suite  used by automation specialists as a development environment for programmable logic controller applications ( PLCs ). Following responsible disclosure between September 2021 and January 2022, fixes were  shipped  by the German software company last week on June 23, 2022. Two of the bugs are rated as Critical, seven as High, and two as Me
Several New Critical Flaws Affect CODESYS Industrial Automation Software

Several New Critical Flaws Affect CODESYS Industrial Automation Software

Jul 21, 2021
Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. The flaws can be turned "into innovative attacks that could put threat actors in position to remotely control a company's cloud OT implementation, and threaten any industrial process managed from the cloud," the New York-headquartered industrial security company Claroty said in a report shared with The Hacker News, adding they "can be used to target a cloud-based management console from a compromised field device, or take over a company's cloud and attack PLCs and other devices to disrupt operations." CODESYS is a development environment for programming controller applications, enabling easy configuration of PLCs in industrial control systems. WAGO PFC100/200 is
Cybersecurity Resources