CODESYS - the IEC 61131-3 automation software

Welcome to the official CODESYS Forum by 3S-Smart Software Solutions GmbH | A member of the CODESYS Group
Deutsche Version English version russian version 
It is currently Tue Nov 12, 2019 4:37 am

All times are UTC+01:00




Post new topic  Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Tue Jan 22, 2013 5:38 pm 
Offline
Frequent User
Frequent User

Joined: Mon Jul 25, 2005 8:06 pm
Posts: 295
Hello Roland maybe you can shed some light on this? An article surfaced in Control Magazine email updates titled "Analysis of 3s CoDeSys Security Vulnerabilities for Industrial Control System Professionals". Here is the excerpt:

A number of security vulnerabilities in the CoDeSys Control Runtime System were disclosed in January 2012. In October 2012, fully functional attack tools were also released to the general public. While CoDeSys is not widely known in the SCADA and ICS field, its product is embedded in many popular PLCs and industrial controllers from such vendors as ABB, DEIF, Eaton, Hitachi, Schneider, Turck and Wago. This list of reputable vendors represents only a fraction of those that are potentially vulnerable, and includes devices used in all sectors of manufacturing and infrastructure. As a result, there is a risk that criminals or political groups may attempt to exploit them for either financial or ideological gain. This white paper summarizes the currently known facts about these vulnerabilities and associated attack tools.

And the link here: http://www.controlglobal.com/whitepaper ... DeSys.html

The download goes into great detail of accessing the 3s PLC.

I understand if you don't want to keep this published and remove this post but I thought I should make you aware. My main question is not the vulnerability by why did this company target 3s specifically? Typically you find out that it was a commissioned project by AB, Siemens or Mitsubishi.

_________________
Thanks,
Steve Pfeifenroth


Top
   
PostPosted: Tue Jan 22, 2013 6:29 pm 
Offline

Joined: Mon Dec 27, 2010 2:35 pm
Posts: 71
Here is the official press release:

http://www.codesys.com/details/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html


Top
   
PostPosted: Tue Jan 22, 2013 6:37 pm 
Offline
Frequent User
Frequent User

Joined: Mon Jul 25, 2005 8:06 pm
Posts: 295
You know I remember reading that and didn't link the two together. Dummy me.

_________________
Thanks,

Steve Pfeifenroth


Top
   
PostPosted: Tue Jan 22, 2013 6:46 pm 
Offline

Joined: Mon Dec 27, 2010 2:35 pm
Posts: 71
Yep, but the second part of your question is still interesting :) ... I don't hope to receive an answer for that on this forum.
Anyway, I think the press release and 3S reaction was correct.


Top
   
PostPosted: Thu Jan 17, 2019 5:28 pm 
Offline

Joined: Wed Nov 11, 2015 2:26 pm
Posts: 4
Zombie post, I know. But....

Has this been resolved and how?


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 5 posts ] 

All times are UTC+01:00


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Limited