Pierluigi Paganini September 13, 2022
Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel

The hacktivist collective GhostSec claimed to have compromised 55 Berghof PLCs used by Israeli organizations. Pro-Palestinian Hacking Group GhostSec claimed to have compromised 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a Free Palestine campaign. On September, 4th, 2022, GhostSec announced on social media and its Telegram channel that it has compromised […]

Pierluigi Paganini June 28, 2022
Two critical flaws affect CODESYS ICS Automation Software

CODESYS addressed 11 security flaws in the ICS Automation Software that could lead to information disclosure and trigger a denial-of-service (DoS) condition. CODESYS has released security patches to fix eleven 11 vulnerabilities in its ICS Automation Software. CoDeSys is a development environment for programming controller applications according to the international industrial standard IEC 61131-3. The […]

Pierluigi Paganini July 13, 2021
ModiPwn flaw in Modicon PLCs bypasses security mechanisms

ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. Researchers at IoT security firm Armis discovered an authentication bypass vulnerability, tracked as CVE-2021-22779 and dubbed ModiPwn, that affects some of Schneider Electric ’s Modicon PLCs. The flaw can be exploited by an unauthenticated attacker […]

Pierluigi Paganini February 27, 2021
Experts found a critical authentication bypass flaw in Rockwell Automation software

A critical authentication bypass vulnerability could be exploited by remote attackers to Rockwell Automation programmable logic controllers (PLCs). A critical authentication bypass vulnerability, tracked as CVE-2021-22681, can be exploited by remote attackers to compromise programmable logic controllers (PLCs) manufactured by Rockwell Automation. The vulnerability was independently reported to Rockwell by researchers at the Soonchunhyang University […]

Pierluigi Paganini November 13, 2020
Security flaws in Schneider Electric PLCs allow full take over

Schneider Electric released advisories for multiple flaws, including issues that can allow taking control of Modicon M221 PLCs. Schneider Electric released security advisories for multiple vulnerabilities impacting various products, including four issues that can be exploited by attackers to take control of Modicon M221 programmable logic controllers (PLCs). Four encryption and authentication issues in Modicon […]

Pierluigi Paganini March 12, 2020
Talos found tens of dangerous flaws in WAGO Controllers

Cisco Talos experts discovered tens of flaws in WAGO products that expose controllers and human-machine interface (HMI) panels to remote attacks. Talos and Germany’s VDE CERT this week published advisories describing roughly 30 vulnerabilities identified in devices made by WAGO, a German company specializing in electrical connection and automation solutions. The vulnerabilities affect PFC100 and PFC200 programmable […]

Pierluigi Paganini November 17, 2019
Experts found undocumented access feature in Siemens SIMATIC PLCs

Researchers discovered a vulnerability in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could allow attackers to execute arbitrary code on vulnerable devices. Researchers discovered an undocumented access feature in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could be exploited by attackers to execute arbitrary code on affected devices. The feature was discovered by […]

Pierluigi Paganini November 05, 2016
How to compromise PLC systems via stealthy Pin control attacks

At the Black Hat Europe 2016 two security researchers devised undetectable attacks that could be used to hack PLC systems avoid being detected. Security researchers at the Black Hat Europe 2016 have presented a new attack method that could be used to hack programmable logic controllers avoid being detected. programmable logic controllers are essential components for […]

Pierluigi Paganini October 27, 2016
Experts disclosed a critical flaw in Schneider Industrial Firewalls

CyberX experts at the SecurityWeek’s 2016 ICS Cyber Security Conference disclosed a critical flaw in the Schneider Industrial Firewalls. This week, at the SecurityWeek’s 2016 ICS Cyber Security Conference, researchers at industrial security firm CyberX disclosed several important vulnerabilities. The experts demonstrated how hackers can target ICS systems and passing security measures in places. Among the vulnerabilities disclosed by […]

Pierluigi Paganini September 18, 2016
Hacking industrial processes with and undetectable PLC Rootkit

Two security researchers have developed an undetectable PLC rootkit that will present at the upcoming Black Hat Europe 2016. The energy industry is under unceasing attack, cyber criminals, and state-sponsored hackers continue to target the systems of the companies in the sector. The Stuxnet case has demonstrated to the IT community the danger of cyber attacks, […]