PLCnext Control provides authentication and integrity check for the application.
An authenticated, skilled attacker might be able to manipulate the application (e.g.: logic files, executable logic, configurations) in a special crafted way that the integrity check will not be able to recognize these tampering attempts which are then difficult to remove.
PLCnext Engineer warns users if the PLC logic is different from the current loaded project when Online mode is activated. In addition, during loading an application on the PLC, a Project Integrity Warning logging entry is generated.
A skilled attacker might be able to manipulate the application in a special crafted way that the integrity check will not be able to recognize tampering attempts.
Increased Security attacks against OT infrastructure and research of Dragos makes it necessary to publish this advisory giving users hints according to basic security measures to support automation systems using existing devices based on ProConOS/ProConOS eCLR.
ProConOS/ProConOS eCLR controller runtime system has been offered as a Software Development Kit (SDK) to automation suppliers that build their own automation devices. ProConOS/ProConOS eCLR is embedded into automation suppliers’ hardware, real-time operating systems (RTOS), firmware, and I/O systems.
The application (e.g.: logic files, executable logic, configurations) had been designed without integrity and authenticity check which was state of the art when developing the products.
Logic files generated by MULTIPROG Engineering tool could be manipulated on the engineering station and loaded into the PLC without tamper detection. In addition, tampering can be done by specially designed attacks in such a way that it remains hidden, and the logic program modifies its own code, making it difficult to determine the impact of a malicious program.
Users need to check with their device vendors if they are affected by this attack vulnerability or if the specific device integration mitigates this attack vector.
A heap-based buffer overflow caused by libcurl and wrong whitespace character interpretation
in Javascript, both used in CodeMeter Runtime affecting multiple products by PHOENIX CONTACT.
A Vulnerability in WIBU-SYSTEMS CodeMeter Runtime affects multiple Phoenix Contact products.
Phoenix Contact devices using CodeMeter embedded are not affected by this vulnerability.
Update A, 2023-11-13
Removed CVE-2023-4701 because it was revoked.
Multiple vulnerabilities allow an attacker to read arbitrary files, inject commands and bypass authentication or access control. Furthermore, hardcoded session and encryption keys as well as a missing firmware update signature and a service running with unnecessary privileges were discovered.
Several vulnerabilities have been discovered in the LibGit2Sharp or underlying LibGit2 library.
This open-source component is widely used in a lot of products worldwide.
The product is vulnerable to remote code execution, privilege escalation and tampering.
PLCnext Engineer is using the LibGit2Sharp library to provide version control capabilities.
Two vulnerabilities have been discovered in the firmware of TC ROUTER and TC CLOUD CLIENT devices.
Update A, 2024-08-12
The FL MGUARD family of devices is affected by two vulnerabilities.