Microsoft found a security bug so powerful that it could shut down a power plant
Microsoft has disclosed 15 critical vulnerabilities in its toolkit intended for industrial use. Although exploiting this bug will be quite difficult, the risk of insecurity is very high, causing great damage to the targets.
Specifically, the vulnerability affects the CODESYS V3 software development kit (SDK) that is used to program logic controllers, devices that open and close valves, rotate motors, and control many physical devices. inside industrial facilities worldwide such as power generation plants, energy automation, and process automation.
The SDK allows developers to be compatible with IEC 611131-3, a safe programming language system for use in industrial environments.
According to a Microsoft report, if a hacker performed a DOS attack on a device using a vulnerable version of CODESYS, it could shut down a power plant, interfere with its operations, and cause the systems to fail. Control logic runs abnormally, or steals important information.
Many vendors around the world are using CODESYS, so a single vulnerability can affect multiple sectors, device types, and verticals. The 15 vulnerabilities discovered by Microsoft can all lead to DoS and RCE attacks. Although exploiting these vulnerabilities requires deep knowledge of CODESYS V3's proprietary protocol as well as user authentication, a successful attack has the potential to cause massive damage to target users. pepper.
Since September 2022, Microsoft has privately reported the vulnerabilities to the CODESYS developer unit and has released patches. Many vendors using the SDK now have the updates installed.
You should read it
- GitLab patches critical vulnerability that allows hackers to take control of accounts
- Zalo PC has a serious RCE error, you should be careful when receiving attachments
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- Log4Shell zero-day vulnerability discovered, the new nightmare of enterprises
- The NSA issued an urgent warning about a critical vulnerability appearing in Windows servers
- New privilege escalation vulnerability called 'Dirty Pipe' is threatening all Linux distros
- This critical vulnerability turns home devices into attack tools
- Detected Critical Security Bugs Affecting All Versions of Windows
- Vulnerability in WinRAR puts users at risk of being attacked
- NVIDIA Jetson chipset contains a series of security holes that allow data theft, DDoS attacks
- Apple releases iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3 updates that patch the critical zero-day vulnerability
- What to do to protect the device from ZombieLoad attack?
Maybe you are interested
GTA 6 will be released in fall 2025 Should water basins be placed in air-conditioned rooms? Fruits and vegetables rich in antioxidants Cryptocurrency Insurance: This Domain Could Be a Big Industry in the Coming Futur GTA 6: Modern Vice City context, released in 2024 - 2025 Microsoft confirms Windows 10X is dead