A number of security vulnerabilities in the CoDeSys Control Runtime System were disclosed in January 2012. In October 2012, fully functional attack tools were also released to the general public.
While CoDeSys is not widely known in the SCADA and ICS field, its product is embedded in many popular PLCs and industrial controllers, including:
• Wago 750/760 Field Couplers and Controllers (more than 25 devices found)
• ABB AC500 (PM5xx) PLC Family
• DEIF AWC500 Wind Turbine Controller
• Turck BL67 Modular Protocol Gateway
• Eaton EC4P Compact PLC
• Hitachi EHV+ Series PLC
• Schneider Electric Modicon LMC058 Motion Controller
• Schneider Electric Modicon M238 and M258 Logic Controllers
This list represents only a fraction of those that are potentially vulnerable, and includes devices used in all sectors of manufacturing and infrastructure. As a result, there is a risk that criminals or political groups may attempt to exploit them for either financial or ideological gain.
This White Paper summarizes the currently known facts about these vulnerabilities and associated attack tools. It also provides guidance regarding a number of mitigations and compensating controls that operators of SCADA and ICS systems can take to protect critical operations.
Click here to read the white paper.