Phoenix Contact classic line industrial controllers are developed and designed for the use in closed industrial networks. The controllers don’t feature a function to check integrity and authenticity of the application (e.g.: logic files, executable logic, configurations).
A CRC Check warning the user if the application of the Engineering tool and the PLC differs can be manipulated.
PLCnext Control provides authentication and integrity check for the application.
An authenticated, skilled attacker might be able to manipulate the application (e.g.: logic files, executable logic, configurations) in a special crafted way that the integrity check will not be able to recognize these tampering attempts which are then difficult to remove.
PLCnext Engineer warns users if the PLC logic is different from the current loaded project when Online mode is activated. In addition, during loading an application on the PLC, a Project Integrity Warning logging entry is generated.
A skilled attacker might be able to manipulate the application in a special crafted way that the integrity check will not be able to recognize tampering attempts.
Frauscher Sensortechnik GmbH FDS102 for FAdC/FAdCi v2.10.1 is vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface by using an authenticated session cookie.
UPDATE 29.02.2024: Removed "This version is planned for January 2024." from Solution as the updated version is released.
On CODESYS Control runtimes running on Linux or QNX operating systems, successfully authenticated PLC programmers can utilize SysFile or CAA-File system libraries to inject calls to additional shell functions.
The Builder and Viewer components of the product PASvisu are based on the 3rd-party-component Electron. Electron contains several other open-source components which are affected by vulnerabilities. The vulnerabilities may enable an attacker to gain full control over the system. The vulnerabilities can be exploited locally or over the network.
Several Pilz products use the 3rd-party component “libwebp” for decoding of images in WebP format. This component is affected by a vulnerability, which may enable an attacker to gain full control over the system running the software product. Depending on the affected product, the vulnerabilities can be exploited locally or over the network.
The Library WagoAppRTU which is part of the Wago Telecontrol Configurator is prone to improper input validation. By sending specifically crafted MMS packets an attacker can trigger a denial-of-service condition.
An attacker with privileges can enumerate projects and usernames through an iterative process, by making a request to a specific endpoint.