Critical vulnerabilities found in cloud-based ICS management systems
There are lots of good reasons for moving industrial control systems to the cloud, including better telemetry and analysis of device performance, management of logic and remote device configuration, improved diagnostics and troubleshooting, and a centralized view of processes.
But as more operational technology and ICS make the move, they become increasingly vulnerable to threats. ICS security specialist Claroty has unveiled its new Team82 research arm along with a report on critical vulnerabilities found in cloud-based management platforms for ICS.
Team82's research mimics the top-down and bottom-up paths an attacker would take: either controlling a Level one device -- such as a programmable logic controller (PLC) -- in order to eventually compromise the cloud-based management console, or the reverse, commandeering the cloud in order to manipulate all networked field devices.
Team82 developed techniques to exploit vulnerabilities in automation vendor CODESYS' Automation Server through two unique attack vectors. The research also included the discovery of vulnerabilities in the WAGO PLC platform, and the development of a complex exploit chain to attack a single cloud-managed PLC and eventually take over the cloud-based host account. All of the vulnerabilities found and disclosed by Team82 have since been fixed or mitigated by CODESYS and WAGO.
"Team82's latest research was motivated by the reality that organizations in the Industry 4.0 era are incorporating cloud technology into their OT and IIoT for simplified management, better business continuity, and improved performance analytics," says Amir Preminger, VP research at Claroty. "In order to fully reap these rewards, organizations must implement stringent security measures to secure data in transit and at rest, and lock down permissions. We thank the CODESYS and WAGO teams for their swift response, updates, and mitigations that benefit their customers and the ICS domain."