
CoDeSys

Product
Developers: 3S-Smart Software Solutions
Last Release Date: 2021/08/19
Technology: Information security - Encryption tools, Application development tools

Main article: Cryptography

CoDeSys is hardware-independent software, which is a development environment for programming controller applications in accordance with the industrial automation standard IEC 61131-3.

2021: Elimination of a vulnerability that allows an attacker to disable a PLC

On August 19, 2021, 3S-Smart Software Solutions announced that it had fixed a vulnerability in the CODESYS V3 Runtime System industrial automation software, identified by Positive Technologies expert Denis Goryushev. CODESYS V3 Runtime System is part of CODESYS, a hardware-independent software development environment for programming controller applications in accordance with the industrial automation standard IEC 61131-3. As of August 2021, the company's products are installed in more than 400 industrial companies in more than a dozen countries, including Russia.

In the CODESYS V3 Runtime System (version 3.15.9.10), a high-risk vulnerability was discovered and assigned the ID CVE-2021-36764. This vulnerability allows an attacker to disable the PLC (programmable logic controller) and, as a result, disrupt the technological process. The error is in the CmpGateway component and belongs to the NULL pointer dereference vulnerability class. An attacker with network access to an industrial controller can send a specially crafted TCP packet and interrupt the operation of the PLC. A second vulnerability, of the local privilege escalation class, was also discovered in this software; as of August 2021 it is under consideration by the vendor.

"CODESYS products are distributed worldwide, including Russia. One of our partners uses them as the basis for fire automation systems used in power plants. If hackers exploit this vulnerability and disrupt the fire extinguishing system, then in the event of a fire it is fraught with huge losses (for example, if the fire reaches the turbine workshop)," says Arthur Akhatov, analyst at the Positive Technologies industrial control systems safety department.

"The study version has been in the public domain for a long time - it is strange that none of the experts has yet found this vulnerability. This is a simple logical error associated with the lack of verification of the transmitted values: you can send a specially formed request that controls the connection, which will lead to access to a zero address and denial of service," comments Denis Goryushev, specialist in the application analysis department of Positive Technologies.

The vulnerability was revealed in March 2021, and CODESYS released the patch in just four months. To eliminate the vulnerability, you must install the latest version of the software, available on the official CODESYS website. Continuous security monitoring and information security incident management systems for industrial systems, in particular PT Industrial Security Incident Manager, will help detect signs of intrusion (for example, if the update cannot be installed).

2017: Critical vulnerabilities jeopardize hundreds of thousands of industrial systems

In April 2017, it became known that a huge number of industrial IoT devices and process control systems were vulnerable to hacker attacks. The cause is critical flaws in CoDeSys, the popular process automation software made by the German company 3S-Smart Software Solutions. Experts suggest that installing patches on all equipment will take a long time, since, according to SecurityWeek, the problem concerns hundreds of thousands of devices.

One of the vulnerabilities - CVE-2017-6027 - allows arbitrary files to be uploaded to the CoDeSys Web Server by sending it a specially crafted request. As a result, it becomes possible to run arbitrary code on the server.[1]

[Image: Hundreds of thousands of industrial IoT devices and manufacturing process management systems are vulnerable to hacking]

The second vulnerability - CVE-2017-6025 - is a buffer overflow. It is possible because the number of characters in requests to the functions that process XML is not checked before they are copied to memory. An attacker can use this to crash the application or to run arbitrary code.
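The missing check described above, as an added illustration that is not CoDeSys code: `copy_element_text`, `TAG_MAX` and the sample requests are hypothetical and constructed for this example. The function measures an XML element's text and rejects it when it does not fit the destination buffer, instead of copying it unconditionally.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TAG_MAX 32 /* constructed limit on tag-name length for this example */

/* Copy the text between <tag> and </tag> from an untrusted request into
 * out[out_len]. Returns the text length on success, -1 if the element is
 * missing or unterminated, -2 if the text does not fit. The overflow class
 * arises when this copy is done (e.g. with strcpy) without the length test. */
int copy_element_text(const char *req, const char *tag,
                      char *out, size_t out_len)
{
    char open_tag[TAG_MAX + 3];  /* "<"  + tag + ">" + NUL */
    char close_tag[TAG_MAX + 4]; /* "</" + tag + ">" + NUL */
    const char *start, *end;
    size_t tag_len, n;

    if (!req || !tag || !out || out_len == 0) return -1;
    out[0] = '\0'; /* callers never see stale data on failure */
    tag_len = strlen(tag);
    if (tag_len == 0 || tag_len > TAG_MAX) return -1;
    snprintf(open_tag, sizeof open_tag, "<%s>", tag);
    snprintf(close_tag, sizeof close_tag, "</%s>", tag);

    start = strstr(req, open_tag);
    if (!start) return -1;
    start += tag_len + 2; /* skip past "<tag>" */
    end = strstr(start, close_tag);
    if (!end) return -1;

    /* Length is taken from the request, so it is attacker-controlled:
     * compare it with the buffer size before any byte is copied. */
    n = (size_t)(end - start);
    if (n >= out_len) return -2; /* reject; no room for text plus NUL */
    memcpy(out, start, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char name[8];
    /* Constructed requests, not captured traffic. */
    printf("%d\n", copy_element_text("<req><name>pump1</name></req>", "name", name, sizeof name));
    printf("%d\n", copy_element_text("<req><name>AAAAAAAAAAAAAAAA</name></req>", "name", name, sizeof name));
    return 0;
}
```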

Both vulnerabilities affect the web server component of the CoDeSys WebVisu visualization software (Web Server versions 2.3 and earlier). The vulnerabilities were discovered by CyberX, a startup specializing in the safety of industrial systems. As the company's experts explained, there are several possible scenarios for exploiting these vulnerabilities.

For example, an attacker can use the Shodan search engine to find vulnerable systems accessible from the Internet and then attack them in the manner described above. In addition, an attacker can load an exploit from a flash drive or remotely compromise the enterprise network, use it to gain access to the network for managing production facilities, and attack industrial controllers from there. There are also many options for what an attacker can do after a successful initial attack.

An attacker can exploit the vulnerabilities to install backdoors for cyber-espionage, load ransomware into systems, or carry out cyberattacks that lead to a production halt or to catastrophic security violations and environmental damage, experts explain.

According to CyberX, CoDeSys developers quickly released a patch. However, this system is used in hundreds of third-party software developments, and installing a patch on them can be difficult.

Each manufacturer will first have to apply the CoDeSys patch to their own code, then recompile their software shell, and only then forward the updated version to the end users. End users cannot install the CoDeSys patch themselves. Most devices require "reflashing," a process that takes more time and effort than standard software updates on smartphones or personal computers, CyberX said.[2]

"Updating industrial control systems is really a difficult process, and vulnerabilities in their software components create all the more problems," says Ksenia Shilak, sales director at SEC-Consult Rus. "Unfortunately, developers of 'industrial' software make no fewer mistakes than developers of general-purpose programs, so industrial systems today require additional protection measures and regular verification."

2011: CoDeSys 3.5

As of November 2011, CoDeSys version 3.5, in combination with the CmDongle hardware protection (CodeMeter technology) from WIBU-SYSTEMS, allows manufacturers of automation systems to effectively protect their developments based on the IEC 61131-3 standard from piracy.

The new Industrial Security System includes the additional security features "Signed Application" and "Encrypted Communication" between the PC and programmable logic controllers. CoDeSys Security also has integrated user administration tools, which eliminates the possibility of attackers using PLCs for their own purposes.

With the additional features of CodeMeter technology integrated into CoDeSys, equipment manufacturers can easily create and deliver the necessary licenses for their customers, as well as use new business models for PLCs, such as "Charge-for-use" or "Functions-on-demand." Software protection with CmDongle hardware keys is characterized by efficient license management and ease of use, since all information is available at any time and anywhere. All CoDeSys security features are optional and can be used autonomously.

Oliver Winzenried, CEO of WIBU-SYSTEMS, noted: "Our collaboration with 3S-Smart Software Solutions GmbH was aimed at developing a high-performance solution for protecting software products and know-how in the field of automation. As a basis, we took the hardware key CmDongle, which provides a high level of security and at the same time has various form factors, such as CF and SD cards, which are easy to modify into existing PLCs."

2010

3S-Smart Software Solutions with CoDeSys is one of the leading providers of software development tools for programmable logic controllers (PLCs) in IEC 61131-3 languages. Applications developed using the CoDeSys tool are widely used in many areas: mobile applications, mechanics, energy, engineering systems, management, etc.

Programmable logic controllers (PLCs) are specialized devices used to automate processes in industries.

Notes