10 Critical Flaws Found in CODESYS Industrial Automation Software

Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers (PLCs).

“To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough,” researchers from Positive Technologies said. “The main cause of the vulnerabilities is insufficient verification of input data, which may itself be caused by failure to comply with the secure development recommendations.”

The Russian cybersecurity firm noted that it detected the vulnerabilities on a PLC offered by WAGO, one of a number of automation technology companies, alongside Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, that use CODESYS software for programming and configuring their controllers.

CODESYS offers a development environment for programming controller applications for use in industrial control systems. The German software company credited Vyacheslav Moskvin, Denis Goryushev, Anton Dorfman, Ivan Kurnakov, and Sergey Fedonin of Positive Technologies and Yossi Reuven of SCADAfence for reporting the flaws.

Six of the most severe flaws were identified in the CODESYS V2.3 web server component used by CODESYS WebVisu to visualize a human-machine interface (HMI) in a web browser. The vulnerabilities could potentially be leveraged by an adversary sending specially crafted web server requests to trigger a denial-of-service condition, to write or read arbitrary code to and from a control runtime system’s memory, and even to crash the CODESYS web server.

images from Hacker News

Google Chrome to Help Users Identify Untrusted Extensions Before Installation

Google on Thursday said it’s rolling out new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago.

To this end, the search giant said it will now offer additional protections when users attempt to install a new extension from the Chrome Web Store, notifying if it can be considered “trusted.”

Currently, 75% of all add-ons on the platform are compliant, the company pointed out, adding “any extensions built by a developer who follows the Chrome Web Store Developer Program Policies, will be considered trusted by Enhanced Safe Browsing.”

Enhanced Safe Browsing involves sharing real-time data with Google Safe Browsing to proactively safeguard users against dangerous sites. The company also noted that its integration with Safe Browsing’s blocklist API helped improve privacy and security, with the number of malicious extensions disabled by the browser jumping by 81%.

 


Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities

New upgrades have been made to a Python-based “self-replicating, polymorphic bot” called Necro in what’s seen as an attempt to improve its chances of infecting vulnerable systems and evading detection.

“Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control (C2) communications and the addition of new exploits for spreading, most notably vulnerabilities in VMWare vSphere, SCO OpenServer, Vesta Control Panel and SMB-based exploits that were not present in the earlier iterations of the code,” researchers from Cisco Talos said in a deep-dive published today.

Said to be in development as far back as 2015, Necro (aka N3Cr0m0rPh) targets both Linux and Windows devices. Heightened activity was observed at the start of the year as part of a malware campaign dubbed “FreakOut,” which was found exploiting vulnerabilities in Linux-based network-attached storage (NAS) devices to co-opt them into a botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency.

In addition to its DDoS and RAT-like functionalities to download and launch additional payloads, Necro is designed with stealth in mind by installing a rootkit that hides its presence on the system. What’s more, the bot also injects malicious code to retrieve and execute a JavaScript-based miner from a remote server into HTML and PHP files on infected systems.


The Vulnerabilities of the Past Are the Vulnerabilities of the Future

Major software vulnerabilities are a fact of life, as illustrated by the fact that Microsoft has patched between 55 and 110 vulnerabilities each month this year – with 7% to 17% of those vulnerabilities being critical.

May had the fewest vulnerabilities, with a total of 55 and only four considered critical. The problem is that the critical vulnerabilities are things we have seen for many years, like remote code execution and privilege escalation.

Microsoft isn’t the only big name regularly patching major vulnerabilities: We see monthly security updates coming from Apple, Adobe, Google, Cisco, and others.

Everything old is new again

With major vulnerabilities in so many applications, is there any hope for a secure future? The answer is, of course, yes, but that does not mean there won’t be challenges getting there.

The vulnerabilities being seen may not be new to those of us who have been defending against attackers for years or even decades, but the adversaries continually change their tactics.

It is not uncommon for them to use legitimate resources for nefarious purposes, and it may not always be possible to plan for this misuse when an application is being built.


Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module

A new set of critical vulnerabilities has been disclosed in the Realtek RTL8710C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications.

“Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module,” researchers from Israeli IoT security firm Vdoo said in a write-up published yesterday.

The Realtek RTL8710C Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform equipped with peripheral interfaces for building a variety of IoT applications, used in devices across the agriculture, automotive, energy, healthcare, industrial, security, and smart home sectors.

The flaws affect all embedded and IoT devices that use the component to connect to Wi-Fi networks. Exploiting them would require an attacker either to be on the same Wi-Fi network as the devices that use the RTL8710C module or to know the network’s pre-shared key (PSK), which, as the name implies, is a cryptographic secret used to authenticate wireless clients on local area networks.

The findings follow an earlier analysis in February that found similar weaknesses in the Realtek RTL8195A Wi-Fi module, chief among them being a buffer overflow vulnerability (CVE-2020-9395) that permits an attacker in the proximity of an RTL8195 module to completely take over the module without having to know the Wi-Fi network password.
