reports that threat actors could potentially target industrial enterprises with malicious attacks by exploiting vulnerabilities in cloud-based industrial control systems, as demonstrated by a research arm of cybersecurity firm Claroty.
The team uncovered seven vulnerabilities, four of which affected WAGO products via their programmable logic controllers and the remaining three affecting CODESYS' Automation Server platform, which could allow malicious activities to be performed from the cloud-based management console to its managed endpoint devices, as well as from the endpoint devices to the consoles. Some of the attack scenarios presented involved abuse of WAGO and CODESYS vulnerabilities that have since been patched by their vendors, but others implemented social engineering
and other techniques.
One of the scenarios had the threat actor creating a malicious CODESYS package and uploading it to a CODESYS store. The package's function is to leak credentials, and once installed will execute arbitrary code on the device allowing the attacker to obtain them.
From there, the attacker could change or stop the logic running via the managed PLCs, such as stopping a program that regulates temperature or change centrifuge speeds. "These types of attacks could lead to real-life damage and affect production times and availability," a researcher said.