Critical infrastructure managing software vulnerable to Unauthorized access


Posted by Mohit Kumar on 10/25/2012 08:57:00 AM

Reid Wightman of security firm IOActive reported an undocumented backdoor in CoDeSys, software used to manage equipment in power plants, military environments, and nautical ships.

The bug allows malicious hackers to access sensitive systems without authorization, Ars said. The CoDeSys tool will grant a command shell to anyone who knows the proper command syntax and inner workings, leaving systems that are connected to the public Internet open to malicious tampering. There is absolutely no authentication needed to perform this privileged command, Wightman noted.

This software has been used in industrial control systems sold by 261 different manufacturers. 3S-Smart Software Solutions, which designs CoDeSys, recently issued an advisory that recommends users set a password, but Wightman was able to develop two exploit shells that work without authentication: codesys-shell.py (to get the CoDeSys command shell without authentication) and codesys-transfer.py (to read or write files to the PLC without authentication).

This is another big security vulnerability threatening power plants and other critical infrastructure, both in the United States and elsewhere in the world. Wightman said a simple search using Shodan showed 117 devices directly connected to the Internet.

Wightman said that additional vulnerability details about the issue, and exploit code that automates the hack, can be added to the Metasploit framework.

About Author:

Mohit Kumar, aka ‘Unix Root’, is Founder and Editor-in-chief of ‘The Hacker News’. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. His editorials always get people thinking and participating in the new and exciting world of cyber security. Other than this, he is an Internet Activist and a strong supporter of Anonymous & Wikileaks. All his efforts are to make the internet more secure.

– See more at: http://thehackernews.com/2012/10/critical-infrastructure-managing.html#sthash.U4iIIj0u.dpuf


