Express Computer
Home  »  News  »  Forescout reveals latest OT:ICEFALL findings, detects three new vulnerabilities

Forescout reveals latest OT:ICEFALL findings, detects three new vulnerabilities

0 65

Forescout’s Vedere Labs disclosed the latest findings of OT:ICEFALL, vulnerability research focused on finding and addressing issues in operational technology (OT) devices. The research has detected three new vulnerabilities affecting OT devices, in continuation to its findings wherein 56 vulnerabilities affecting devices from 10 OT  vendors were revealed earlier this year.

In its OT: ICEFALL research, Vedere Labs has disclosed three new vulnerabilities affecting OT products from two German vendors: Festo automation controllers and the CODESYS runtime, which is used by hundreds of device manufacturers in different industrial sectors, including Festo. As in the original OT:ICEFALL disclosure, these issues exemplify either an insecure-by-design approach where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography. The disclosure involved the affected manufacturers and the CERT@VDE, a German security platform for small and medium-sized automation companies.

“It is a well-established fact that OT devices are often riddled with vulnerabilities and have grown to become high targets for bad actors owing to the rapidly expanding threat landscape. OT:ICEFALL is our continued effort at identifying such vulnerabilities, along with creating mitigation measures. We were able to identify 56 vulnerabilities in our research earlier this year, but that was certainly not the end of it. The emergence of three new vulnerabilities further lays stress upon the dire need for robust network monitoring,” said Daniel dos Santos, Head of Security Research, Forescout.

The new vulnerabilities identified in the research are the following:

The CODESYS V3 runtime environment before version 3.5.18.40 uses weak cryptography for downloading code and boot applications, enabling attackers to trivially decrypt and manipulate protected code by brute forcing session keys.

Festo CPX-CEC-C1 and CPX-CMXX controllers allow unauthenticated, remote access to critical webpage functions. Anyone with network access to a controller can browse to a hidden web page found on the controller’s filesystem, causing the controller to reboot immediately.

The Festo Generic Multicast (FGMC) protocol allows for the unauthenticated reboot of controllers and other sensitive operations on devices supporting this protocol.

Distribution of CODESYS and Festo devices
The official website of CODESYS describes it as the leading IEC 61131-3 automation suite, running on several million devices of approximately 1,000 models from over 500 manufacturers. Examples of manufacturers using the technology on their products can be found on this link. These devices are used in industries such as manufacturing, energy automation, and building automation. Although these devices are typically not supposed to be exposed online, we see almost 3,000 devices running CODESYS when querying the Shodan search engine (“port:2455 operating system”).

Festo CPX is an automation platform for electric and pneumatic systems. CPX-CEC-C1 and CPX-CMXX controllers run CODESYS V2, while newer versions run CODESYS V3 and provide capabilities for Industry 4.0, such as remote I/O and cloud connection. On the Forescout Device Cloud – a repository of data from 19 million devices monitored by Forescout appliances – we see close to 1,000 Festo controllers, used overwhelmingly within manufacturing.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image