Ars Technica – (International) Backdoor in computer controls opens critical infrastructure to hackers. Software used to manage equipment in power plants, military environments, and nautical ships contains an undocumented backdoor that could allow malicious hackers to access sensitive systems without authorization. The CoDeSys software tool, which is used in industrial control systems sold by 261 different manufacturers, contains functionality that allows people to remotely issue powerful system commands, a researcher with security firm IOActive told Ars Technica. The CoDeSys tool will grant a command shell to anyone who knows the proper command syntax and inner workings, leaving systems that are connected to the public Internet open to malicious tampering. Of the two specific programmable logic controllers (PLCs) the researcher tested, both allowed him to issue commands that halted the devices’ process control. He estimated there are thousands of other models that also ship with CoDeSys installed, and he said most of them are probably vulnerable to the same types of attacks. He declined to identify the specific models he tested except to say that one ran the Linux operating system on Intel-compatible processors and the other used Microsoft’s Windows CE running on ARM chips. He said a quick search using the Shodan computer location service showed 117 devices directly connected to the Internet, but he suspects more detailed queries could reveal many more. A blog post that contains additional vulnerability details said code that automates the exploit is expected to be added to the Metasploit software framework used by hackers and security professionals.
Ali Loney, on October 25, 2012