Beckhoff TwinCAT/BSD Vulnerabilities Expose PLCs to Tampering, DoS Attacks


Cybersecurity firm Nozomi Networks has disclosed information on several vulnerabilities found by its researchers in Beckhoff Automation’s TwinCAT/BSD operating system for industrial PCs.

TwinCAT/BSD combines the TwinCAT runtime with the FreeBSD open source operating system. TwinCAT enables users to transform nearly any PC-based system into a real-time controller with multi-PLC system capabilities. 

According to Nozomi Networks, the Device Manager web-based management component shipped with the operating system, which enables the remote monitoring and configuration of Beckhoff devices, is impacted by four vulnerabilities.

Two of the flaws, tracked as CVE-2024-41173 and CVE-2024-41174, have been classified as ‘high severity’ and they can be exploited for authentication bypass and cross-site scripting attacks, respectively.

According to Nozomi, an attacker can exploit CVE-2024-41173 to tamper with the PLC logic. 

“An attacker with limited credentials could exploit one of the identified vulnerabilities to reset the PLC administrator’s password without needing the original one. This would allow them to connect to the PLC with administrative access via standard engineering tools and to reprogram the device as desired, potentially subverting the supervised industrial process,” the ICS cybersecurity firm explained.

The other two flaws, rated ‘medium severity’, enable local attackers to cause a PLC denial of service (DoS).

An attacker with limited credentials can make devices unresponsive — including remotely from the network — until a power reset is performed.


“This may be combined with other attacks against the device: for instance, a threat actor may perform the previously cited manipulation of the PLC programming to initiate the disruption of the industrial process, then enact this scenario to prevent access to the device, blocking any attempt to regain control,” Nozomi said.

Beckhoff has released patches and mitigations, and it has published advisories for each vulnerability.

Related: ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Rockwell, Aveva

Related: Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption

Related: Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers 
