Critical infrastructure management software vulnerable to unauthorized access
Oct 25, 2012
Reid Wightman from security firm IOActive reported that there is an undocumented backdoor in CoDeSys, software that is used to manage equipment in power plants, military environments, and nautical ships. The bug allows malicious hackers to access sensitive systems without authorization, Ars said. The CoDeSys tool will grant a command shell to anyone who knows the proper command syntax and inner workings, leaving systems that are connected to the public Internet open to malicious tampering. There is absolutely no authentication needed to perform this privileged command, Reid mentioned. This software has been used in industrial control systems sold by 261 different manufacturers. 3S-Smart Software Solutions designs CoDeSys and recently issued an advisory that recommends users set a password, but Wightman was able to develop two exploit shells: one is codesys-shell.py (to get the CoDeSys command shell without authentication) and the other, codesys-transfer.py (read or w