Analysis on Account Hijacking and Remote Dos Vulnerability in the CODESYS-Based PLC Runtime.

IMIS(2020)

Abstract
Controllers Development System (CODESYS) is an industrial control system development and control runtime platform developed by 3S-Smart Software Solutions, designed to meet the various requirements of modern industrial automation projects. CODESYS is provided as a platform in OEM form so that it can be adopted by manufacturers that need development software, and it is used by more than 261 industrial machinery manufacturers in the world. This paper tests for vulnerabilities that may occur and checks whether the products of other manufacturers using the CODESYS platform have the same vulnerability, by reverse engineering the Engineering Workstation (EWS) and the binary runtime of a control system based on the CODESYS platform. The vulnerability analysis procedure includes bypassing the runtime's anti-debugging, reverse engineering the runtime, and implementing a network fuzzer through protocol analysis. The paper presents the protocol structure of the analyzed CODESYS V3 and an attack scenario in which the found vulnerability may be exploited. The paper describes two types of vulnerabilities: a vulnerability that may occur in the user authentication process between the EWS and the Programmable Logic Controller (PLC), and a remote Denial of Service (DoS) vulnerability. These show that an attacker may disguise itself as the PLC through a MitM attack or request the user account information.
Keywords
remote dos vulnerability,account hijacking,codesys-based