This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
According to Russian cybersecurity firm Positive Technologies, a lot of vulnerabilities found in industrial controllers made by WAGO can be abused to obstruct technological processes, which in some cases could lead to industrial accidents.
WAGO is a German company that manufactures components for electrical connections and electronic components for decentralized automation.
The vulnerabilities were discovered in the WAGO PFC200 programmable logic controller (PLC), which the vendor has now addressed. One of the issues, tracked as CVE-2021-21001, has been defined as a path traversal issue involving a CODESYS component utilized by the device and is graded critical severity.
It allows a network-connected attacker with elevated capabilities to access the target device’s file system by delivering specially designed packets.
Vladimir Nazarov, head of ICS security at Positive Technologies explained, “By exploiting this vulnerability, attackers can access the controller file system with read and write rights. Changes in the PLC file system may cause disruption of technological processes and even lead to industrial accidents.”
The second vulnerability, CVE-2021-21000, is a medium-severity problem that affects WAGO’s iocheckd service, which is used to check PLC input/output and demonstrate the PLC configuration. This weakness can be exploited by an unauthenticated intruder with network access to the device to cause a DoS condition.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: WAGO Controller Flaws Can Allow Hackers to Interrupt Industrial Processes
