Head Topics

Microsoft says Codesys PLC flaws can shut down power plants

Belgique Nouvelles Nouvelles

Microsoft says Codesys PLC flaws can shut down power plants
Belgique Dernières Nouvelles,Belgique Actualités
  • 📰 TheRegister
  • ⏱ Reading Time:
  • 65 sec. here
  • 3 min. at publisher
  • 📊 Quality Score:
  • News: 29%
  • Publisher: 61%

Microsoft warns Codesys PLC firmware bugs could 'shut down power plants'

– the international standard for vendor-neutral industrial equipment programming languages – according to the bug hunters.

So if your operational technology environment uses devices with any of this buggy firmware, update now if you can to avoid remote code execution or denial of service attacks. The 15 vulnerabilities, tracked as CVE-2022-47379 through CVE-2022-47393 inclusive, all received CVSS severity ratings of 8.8 out of 10, except for CVE-2022-47391, which earned a 7.5. It's the only one that can't be abused for RCE. Exploitation of any of these holes requires an attacker to be able to authenticate and log in.

We were able to apply 12 of the buffer overflow vulnerabilities to gain RCE of PLCs. Exploiting the vulnerabilities requires user authentication as well as bypassing the Data Execution Prevention and Address Space Layout Randomization used by both the PLCs., which allows us to perform a replay attack against the PLC using the unsecured username and password's hash that were sent during the sign-in process, allowing us to bypass the user authentication process.

To be clear, these aren't easy exploits. Not only do they require user authentication or stolen credentials, an intruder will need"deep knowledge of the proprietary protocol of Codesys V3 and the structure of the different services that the protocol uses," Redmond noted.

Nous avons résumé cette actualité afin que vous puissiez la lire rapidement. Si l'actualité vous intéresse, vous pouvez lire le texte intégral ici. Lire la suite:

TheRegister /  🏆 67. in UK

Belgique Dernières Nouvelles, Belgique Actualités

Similar News:Vous pouvez également lire des articles d'actualité similaires à celui-ci que nous avons collectés auprès d'autres sources d'information.

Microsoft OneDrive is a willing 'ransomware double agent'Microsoft OneDrive is a willing 'ransomware double agent'Microsoft OneDrive a willing and eager 'ransomware double agent'
Lire la suite »

How I grew bananas in my London garden from a £2.50 plantHow I grew bananas in my London garden from a £2.50 plant'I didn’t know whether to be excited about the fruit or afraid of the planet' 🍌 Rippon Ray YourDoctorDebt explains how he grew bananas in his London garden from a £2.50 plant
Lire la suite »

The People’s Pavilion 2023 is ‘about the power of the collective’The People’s Pavilion 2023 is ‘about the power of the collective’The People’s Pavilion 2023 launches at Lea Bridge Library, Waltham Forest in east London – and it’s designed and built by teenagers
Lire la suite »

What’s stopping the buildout of US power lines\n\t\t\tJournalists in 50+ countries follow the constant flow of money made and lost in oil & gas while\n\t\t\ttracking emerging trends and opportunities in the future of energy. Don’t miss our exclusive\n\t\t\tnewsletter, Energy Source.\n\t\t
Lire la suite »

My Happy Marriage episode 6's most important power came from MiyoMy Happy Marriage episode 6's most important power came from MiyoMiyo took control of her fate in MyHappyMarriage episode 6 ❤️
Lire la suite »



Render Time: 2025-03-26 04:52:20