Multiple security flaws have been discovered in CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be exploited remotely to take control of a company’s cloud operational technology (OT) infrastructure, according to cybersecurity researchers. CODESYS is a programming environment for controller applications that makes it simple to configure PLCs in industrial control systems. The WAGO PFC100/200 is a family of PLCs that use the CODESYS platform for programming and configuration. CODESYS software is used by automotive-related businesses like WAGO, Beckhoff, Kontron, Moeller, Festo, and Mitsubishi to program and configure their controllers.
According to Claroty, a New York-based industrial security firm, the weaknesses could be turned into new attacks that put threat actors in a position to remotely manipulate a company’s cloud OT implementation and endanger any industrial process monitored from the cloud. They can be used to target a cloud-based management console from a compromised field device, or to take over a company’s cloud and attack PLCs and other devices to disrupt operations.
The newly listed vulnerabilities have scored above 7.5 on the Common Vulnerability Scoring System (CVSS) scale:
- CVE-2021-29238 (CVSS score: 8.0) – Cross-site request forgery in CODESYS Automation Server
- CVE-2021-29240 (CVSS score: 7.8) – Insufficient Verification of Data Authenticity in CODESYS Package Manager
- CVE-2021-29241 (CVSS score: 7.5) – Null pointer dereference in CODESYS V3 products containing the CmpGateway component
- CVE-2021-34569 (CVSS score: 10.0) – WAGO PFC diagnostic tools – Out-of-bounds write
- CVE-2021-34566 (CVSS score: 9.1) – WAGO PFC iocheckd service “I/O-Check” – Shared memory buffer overflow
- CVE-2021-34567 (CVSS score: 8.2) – WAGO PFC iocheckd service “I/O-Check” – Out-of-bounds read
- CVE-2021-34568 (CVSS score: 7.5) – WAGO PFC iocheckd service “I/O-Check” – Allocation of resources without limits
Written by Nishat Mowla