• Resources
  • Members
  • Directory
  • Webinars
  • WISE
  • CAD Models
  • EDGE Awards
  • Advertise
    1. News

    Ladder-logic software vulnerable to hackers

    Feb. 13, 2013
    Researchers have discovered a design flaw lets anyone carry out commands without authentication on software called CoDeSys, which is widely used in industrial controls

    Resources:
    3S-Smart Software Solutions GmbH
    Digital Bond

    Researchers have discovered a design flaw lets anyone carry out commands without authentication on software called CoDeSys, which is widely used in industrial controls.

    CoDeSys is an IEC 61131-3 software suite from 3S-Smart Software Solutions GmbH, Germany, that runs ladder-logic operations. It is used by over 260 manufacturers to run ladder-logic programs on PLCs, drive controllers, and other industrial controls. The vulnerability was uncovered by the company Digital Bond, Sunrise, Fla., during its Project Basecamp, a research effort to demonstrate the fragility of industrial control systems.

    Researchers at Digital Bond used a Wago IPC 758-870 Model PLC as their test unit, but say all systems running CoDeSys PLC software seem affected. The Wago PLC runs embedded Linux on an x86 central-processing unit, but other operating systems such as Nucleus RTOS and Windows CE are also affected. Given the way CoDeSys operates within the OS, manufacturers often run the ladder logic with elevated root or administrator privileges. Or they use an OS that does not have user privilege controls.

    One critical point is that the CoDeSys runtime offers a transmission-control-protocol listener service. The listener service typically runs on port 1200, although ports 1201 and 2455 were used on other controllers. Services provided by this listener include a command-line interface where instructions may be sent directly to the ladder-logic runtime service and a file-transfer service that permits downloading and uploading logic files.

    Unfortunately, CoDeSys software executes this connection without user authentication. Anyone who knows how can connect through the CoDeSys software to execute commands and transfer files. For example, they can stop and start the running ladder logic, wipe the PLC memory, and list files and directories. As the runtime operates with high-level privileges, all subdirectories and files are accessible, including critical system files such as /etc/passwd and /etc/shadow in Linux and the Window’s registry in CE.

    Right now, the only sure way of securing this or any industrial system is to keep it off any network. However, IT staff can make access more secure by placing systems on private networks that can only be entered through specific machines that carry out user authentication.

    © 2013 Penton Media, Inc

    Continue Reading

    Sponsored Recommendations

    How to Build Better Robotics with Integrated Actuators

    July 17, 2024
    Reese Abouelnasr, a Mechatronics Engineer with Harmonic Drive, answers a few questions about the latest developments in actuators and the design or engineering challenges these...

    Crisis averted: How our AI-powered services helped prevent a factory fire

    July 10, 2024
    Discover how Schneider Electric's services helped a food and beverage manufacturer avoid a factory fire with AI-powered analytics.

    Pumps Push the Boundaries of Low Temperature Technology

    June 14, 2024
    As an integral part of cryotechnology, KNF pumps facilitate scientific advances in cryostats, allowing them to push temperature boundaries and approach absolute zero.

    The entire spectrum of drive technology

    June 5, 2024
    Read exciting stories about all aspects of maxon drive technology in our magazine.

    Voice your opinion!

    To join the conversation, and become an exclusive member of Machine Design, create an account today!