Vulnerability in programmable logic controllers threatens millions of industrial devices
Posted by: GuidePoint Security
Published: July 20, 2021, 2:00pm
A vulnerability (CVE-2021-22779) in a type of programmable logic controller (PLC) used in manufacturing, building services, utility, energy, and automation devices worldwide could allow threat actors to gain control over the systems those PLCs run. Dubbed Modipwn, the flaw abuses the Unified Messaging Application Services (UMAS) protocol, which is designed to configure and monitor PLCs: undocumented commands in the protocol let an attacker leak hashes from the device’s memory. With those hashes, the threat actors can take over secure connections and reconfigure the PLC without needing a passcode. That reconfiguration in turn allows remote code execution (RCE) and gives the attacker the means to hide their presence within the system.
The maker of the devices has acknowledged and applauded security researchers for discovering the flaw, recognizing the importance this type of research has in mitigating threats.
Next Steps
A patch for the vulnerability is available on the PLC maker’s website, and links to the patch can also be found in the CVE record for the flaw.
Security researchers also advise that penetration testing is one of the best practices for identifying vulnerabilities like this one, and vulnerability management services can help businesses better administer the vulnerability lifecycle.