
CERT alerts about vulnerabilities in Programmable Logic Controllers used in manufacturing industries

The Indian Computer Emergency Response Team (CERT) warns about the possible exploitation of vulnerabilities in Programmable Logic Controllers (PLCs) that could shut down an entire industry.

A Programmable Logic Controller (PLC) is an industrial computer adapted to control manufacturing processes such as assembly lines, robotic devices, and other activities that require high reliability, and it is used in almost all industries. The first exploitation of PLC vulnerabilities was detected in 2010 when Israel hacked and disabled Iran’s nuclear facility. Cyber experts say that industries are now highly dependent on PLCs, and that a threat actor who can exploit them can disrupt the whole industry.

CERT has told the press that its advisories describe two vulnerabilities rated “High” in severity in PLCs purchased from a Japan-based company, JTEKT. There were almost 17 different types of vulnerabilities found in the PLCs of JTEKT that were sold to Indian industries.

The advisories said, “These vulnerabilities exist due to missing authentication for critical functions and insufficient verification of data authenticity. A remote attacker could exploit these vulnerabilities by sending specially crafted messages. Successful exploitation of these vulnerabilities could allow a remote hacker to execute arbitrary code, change control logic, disable communication links or perform denial-of-service condition on the targeted systems.”

PLCs work on a pre-set ‘logic’ which is essentially programmed externally. Usually, industry officials operate the machine. If a threat actor or hacker gains access to the PLCs and externally exploits the programmed ‘logic,’ they will be able to manipulate the industrial controllers, threatening aviation, defense, and the healthcare system.

According to Director-General of Police Brijesh Singh, who is one of the country’s cyber experts, “Industry controllers are legacy systems with hardly any security. These systems used to be analog, but once they were accessible over the internet, they got an IP address and hackers were able to discover them.”

Reportedly, the Japan-based company JTEKT has yet to confirm the recently detected vulnerabilities on its official website. However, the private cybersecurity research group Forescout has found 56 vulnerabilities classified as “critical” in PLCs manufactured by renowned companies, raising more concern about cybersecurity in industry.
