ic3sw0rd

@SarahFluchs @S4xNews so cool!

Finally at @S4xNews #S4x23 again this year! I'm already starting to feel Miami vibes 🌴.

How to quickly discover vulnerabilities on Siemens SIMATIC PLCs, see here. youtu.be/RT_XtKp8r7I Here is my topic for blackhat EU 2022. #fuzzing-and-breaking-security-functions-of-simatic-plcs-28669" target="_blank" rel="nofollow noopener">blackhat.com/eu-22/briefing… #ICS #Siemens #BlackHatEurope #vulnerabilities

Siemens SIMATIC PLC is widely used & accounts for a high proportion of the PLC market share, often used in critical infrastructure control scenarios, such as energy, water, power, oil & gas industries. Join this #BHEU Briefing to learn more -- bit.ly/3LLmDVh

Congratulations, my presentation "Fuzzing and Breaking Security Functions of SIMATIC PLCs" has been selected by blackhat EU 2022, I am glad to share my experiences on security issues of SIMATIC PLCs, Stay tuned. #fuzzing-and-breaking-security-functions-of-simatic-plcs-28669" target="_blank" rel="nofollow noopener">blackhat.com/eu-22/briefing… #BHEU @BlackHatEvents @NSFOCUS_Intl

@AlixAbbasi Congratulations!!!👍

Codesys Patches 11 Flaws Likely Affecting Controllers From Several #ICS Vendors securityweek.com/codesys-patche…

[CVE-2022-32137] ABB-PM564 DoS DEMO A crafted request may cause a heap-based buffer overflow in the affected CODESYS products, resulting in a denial-of-service condition or memory overwrite. youtu.be/jY217QJNXEI #ICS #PLC #codesys #vulnerability

[CVE-2022-31806] Codesys V2 Runtime RCE DEMO Password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller. youtu.be/q1Um9KZVArU #ICS #PLC #CODESYS #vulnerability

ICS Supply Chain Threat: codesys V2 runtime multiple vulnerabilities. These vulnerabilities will affect 300+ manufacturer controllers worldwide. github.com/ic3sw0rd/Codes… #ICS #PLC #codesys #vulnerability

We published a new blog post on how to bypass microcontroller ReadOut protections via fault attacks and voltage glitching: Blog: emproof.io/blog/2022-06-1… Code: github.com/emproof-com/nr…

@langnergroup A lot of people prefer “REM”, however this comes with more risks

Is that too much to ask for

Spring Framework RCE spring.io/blog/2022/03/3…

Demostración de explotación de CVE contra un PLC S7-1500 de @siemensindustry que genera una #DoS en pocos segundos

Siemens has released patches for a series of new PLC vulnerabilities dubbed S7+:Crash that can be exploited to remotely crash controllers. securityweek.com/new-vulnerabil… #ICS

Multiple high-severity denial-of-service vulnerabilities exist in SIMATIC products, and the remaining vulnerabilities are still under investigation, which we named S7+:Crash. SecurityWeek.Com securityweek.com/ics-patch-tues… @SecurityWeek @EduardKovacs #OT #ICS #vulnerability

@EduardKovacs Siemens high-severity denial-of-service vulnerabilities PoC Demo,The S7-1500 with access protection enabled is still affected by these vulnerabilities and goes into critical failure mode. youtu.be/XNDo0iAaT14

Siemens and Schneider Electric have released 15 advisories this Patch Tuesday to address nearly 50 vulnerabilities found in their products. securityweek.com/ics-patch-tues…

HIGH risk vulnerabilities in Siemens PLCs —S7+:Crash linkedin.com/feed/update/ur… #cybersecurity #ICS #Siemens #CVE #vulnerability

S7+:Crash，The vulnerabilities that have been addressed so far are CVE-2021-37185、CVE-2021-37204、CVE-2021-37205. The S7-1500 with access protection enabled is still affected by these vulnerabilities and goes into critical failure mode. youtu.be/XNDo0iAaT14

Since August 2021, we have submitted several SIMATIC product vulnerabilities. Yesterday Siemens published a security advisory addressing three of these vulnerabilities, which we call the series: S7+:Crash.

The topic of sharing mentioned in my last tweet is as follows： 1. How to crash a password-protected Siemens SIMATIC product(S7-1500/S7-1200). 2. How to hunt 10 vulnerabilities of ABB AC500 PLC in one day. Are there any topics of interest for you? #ics #cybersecurity