Analysis of 3S CoDeSys Security Vulnerabilities for Industrial Control System Professionals

Overview:

This White Paper explains:

  • What the 3S CoDeSys vulnerabilities are and what an attacker can do with them
  • How to find out what control/SCADA devices are affected
  • The risks and potential consequences to SCADA and control systems
  • The compensating controls that will help block known attack vectors

A number of security vulnerabilities in the CoDeSys Control Runtime System were disclosed in January 2012. In October 2012, fully functional attack tools were also released to the general public.

While CoDeSys is not widely known in the SCADA and ICS field, its product is embedded in many popular PLCs and industrial controllers. Many vendors are potentially vulnerable, and include devices used in all sectors of manufacturing and infrastructure. As a result, there is a risk that criminals or political groups may attempt to exploit them for either financial or ideological gain.

This White Paper summarizes the currently known facts about these vulnerabilities and associated attack tools. It also provides guidance regarding a number of mitigations and compensating controls that operators of SCADA and ICS systems can take to protect critical operations.

There's More to This Story
Get more. You can read the rest of this story and other exclusive content as a Control Global community member. It's FREE, and it’s easy. We just need your name and email address. Then you can read everything you want on our site and even comment on it.

Author: Tofino  | File Type: PDF

Find more white papers on Safety Instrumented SystemsIntrinsic SafetySystems IntegrationSCADAWireless

View all white papers»