Kaspersky ICS CERT researchers have discovered several vulnerabilities in a popular framework used for developing industrial devices such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs).
These devices are at the heart of almost any automated industrial facility – from critical infrastructure to production processes.
The uncovered vulnerabilities potentially allowed an attacker to conduct covert, destructive remote and local attacks on organizations that use PLCs developed with this vulnerable framework.
The framework was developed by CODESYS® and the vulnerabilities were fixed by the vendor following a report from Kaspersky.
PLCs are devices that automate processes that previously had to be performed manually or with the help of complex electro-mechanical devices.
To work correctly, a PLC must be programmed. This programming is done via a special software framework that helps engineers code process automation program instructions and upload them into the PLC.
The framework also provides a runtime execution environment for the PLC program code. This software is used across various environments, including production, energy generation, smart city infrastructure and many more. As Kaspersky researchers discovered, such software can be vulnerable and open to interference.