Claroty finds critical vulnerabilities in cloud-based ICS platforms


Friday, 30 July, 2021

Claroty finds critical vulnerabilities in cloud-based ICS platforms

Industrial cybersecurity company Claroty’s research arm, Team82 has found critical vulnerabilities in cloud-based management platforms for industrial control systems (ICS), highlighting the rise of ICS in the cloud and the growing need to secure cloud implementations in industrial environments.

In its report, Top-Down and Bottom-Up: Exploiting Vulnerabilities in the OT Cloud Era, Team82, formerly known as The Claroty Research Team, researched the exploitability of cloud-based management platforms responsible for monitoring ICS, and developed techniques to exploit vulnerabilities in automation vendor CODESYS’ Automation Server and vulnerabilities in the WAGO PLC platform.

The research mimics the top-down and bottom-up paths an attacker would take to either control a Level 1 device to eventually compromise the cloud-based management console, or the reverse, commandeer the cloud to manipulate all networked field devices.

“Team82’s latest research was motivated by the reality that organisations in the Industry 4.0 era are incorporating cloud technology into their OT and IIoT for simplified management, better business continuity, and improved performance analytics,” said Amir Preminger, VP research at Claroty.

“In order to fully reap these rewards, organisations must implement stringent security measures to secure data in transit and at rest, and lock down permissions. We thank the CODESYS and WAGO teams for their swift response, updates, and mitigations that benefit their customers and the ICS domain.”

Image credit: ©stock.adobe.com/au/kran77

Related News

Lack of leadership buy-in biggest obstacle to digital trust: report

A new report from ISACA says that many organisations say that in five years digital trust will be...

Lack of customer confidence affecting security strategies: report

A survey from LogRhythm finds three-quarters of ANZ companies changed their security strategy...

IMT sector was Australia's most targeted in 2023: report

The information, media and technology sector has been the Australian industry most targeted...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd