Numerous Power Plants under hacking risk

Microsoft researchers discovered numerous vulnerabilities affecting Codesys PLC that risked power plants’ security with various attacks, such as shutdowns. Codesys released the patches for the flaws following the vulnerability disclosure.

Microsoft Reports Severe Codesys PLC Vulnerabilities

According to a recent report, Microsoft researcher Vladimir Tokarev identified fifteen security vulnerabilities affecting Codesys programmable logic controllers (PLC).

These vulnerabilities have received CVE numbers CVE-2022-47379 through CVE-2022-47393, all achieving a CVSS score of 8.8, leaving CVE-2022-47391 that appeared relatively less severe (CVSS 7.5). Exploiting these flaws could allow denial-of-service (DoS) attacks on vulnerable systems, which could eventually trigger power plant shutdowns. In addition, an attacker may achieve remote code execution, planting backdoors to steal data or meddle with devices’ operations.

However, Microsoft explained that exploiting these vulnerabilities in real-time required the attacker to have authenticated access and sound knowledge about the CODESYS V3 protocols and the structures using it.

The tech giant has listed and described these vulnerabilities in a separate post, besides sharing technical stuff on GitHub. In addition, they have demonstrated vulnerability exploitation.

Codesys Patched The Flaws

Microsoft discovered the Codesys vulnerabilities while analyzing Schneider Electric Modicon TM251 and WAGO PFC200 PLCs. Following this discovery, Microsoft reported the vulnerabilities to Codesys in September 2022. In response, Codesys patched the vulnerabilities with the latest firmware releases.

Codesys boasts a wide range of users in its customer base looking for industrial automation, including energy automation, factory automation, process automation, and more. Hence, any vulnerabilities affecting Codesys PLC SDK mean a huge security risk to a large number of industries globally.

Now that the flaws have received the patches, users must ensure updating their systems with the latest updates to remain safe. Besides, Microsoft also advises users to disconnect critical devices, such as PLCs, from the internet, limit authorized access, and deploy segmentation with unique credentials for specified and authorized user access.