A Decade After Stuxnet: How Siemens S7 is Still an Attacker's Heaven
Industrial Control Systems have long evolved from specialized electronics communicating over proprietary bus systems to fully-fledged embedded computers based on commodity Ethernet connections. The Stuxnet computer worm of 2010 demonstrated to the general public that this development makes Industrial Control Systems susceptible to cyberattacks with physical consequences. Siemens as the vendor of the affected Programmable Logic Controllers (PLCs) has released multiple new products since then, which double down on Ethernet connectivity in company networks and are expected to conform to higher security standards.
A new Windows CE x86 compiler in 2024
At ENLYZE we need to deal with operating systems from the last century on customer machines every day. No matter whether it’s something “simple” like Windows 2000 running on an operator touch panel (“HMI”) or something peculiar like QNX 4 controlling a production machine: if they handle live production data, we need to capture this data and forward it to our pipeline. And often enough, this involves writing new custom software for these ancient operating systems.
Writing Variables on CODESYS PLCs the Hard Way
Most PLCs come with their dedicated IDEs that are used to program and debug them. The debug functionality is of special interest to us at ENLYZE because once we’ve reverse-engineered the underlying network protocol, we can use it to programmatically read and write values on PLCs. In some cases, PLCs also have a way to expose variables over an official interface, but often these interfaces are more limited and may not be enabled, so debug interfaces generally expose the most functionality.
On the hype around the critical Siemens S7-1200/S7-1500 vulnerability CVE-2022-38465
Around two months ago, the Team82 research group at Claroty disclosed a critical vulnerability in Siemens’ current S7-1200/S7-1500 series of PLCs. This is the next issue in a series of recent disclosures on the security of these ubiquitous logic controllers. What’s different this time is the whopping CVSS severity score of 9.3 (of a possible 10). The identifier CVE-2022-38465 was assigned to this vulnerability, and Siemens published the related security advisory SSA-568427 and security bulletin SSB-898115.
ENLYZE S7-Project-Explorer released as open-source
Aachen/Cologne – 2022-10-05 – The automation industry is full of proprietary closed solutions, which ultimately thwart the Smart Factory (“Industry 4.0”) goal of open communication between machines. To make a difference in this industry, ENLYZE is today releasing its S7-Project-Explorer to the general public as a free download. On top of this, we are also making the source code freely available to allow for maximum trust in our software and enable further development collaboratively in an open development process.
That time I had to patch the Universal CRT
I just finished a blog post where I replaced almost the entire Microsoft build toolchain for our Windows software with open-source alternatives better suiting our needs. Except for the Visual Studio C runtime library, nowadays called Universal CRT (shortened to UCRT or just CRT). The CRT had been performing without any trouble, and I didn’t expect this to change, considering that our software was mostly using modern C++ constructs. Things took an unexpected turn though when I witnessed a huge memory leak in one of our applications that was creating and terminating multiple std::threads in a row.
Targeting 25 years of Windows with Visual Studio 2019
Our method to build software compatible down to Windows 2000 using Visual Studio 2017 served us well for several months. And trust me, I had really hoped that Windows 2000 would be as low as we ever had to go. But the world of industrial manufacturing surprises you every day. So at some point, we inevitably stumbled upon industrial control systems that were still running Windows NT 4.
Modern Visual Studio meets ancient Windows
In my previous blog series, I have shown how to write Win32 applications in 2020 using the amenities that modern C++ brings. Writing an application in 2020 doesn’t mean that we have to forget about 2000 though: the unrivaled compatibility of the Win32 API makes it possible to run your modern application even on Windows 2000 and older Windows XP versions – in theory at least!
Writing Win32 apps like it's 2020: A DPI-aware resizable wizard
This is the third part of a three-part series on Win32 development (Introduction; Helpers for a modern C++ world; A DPI-aware resizable wizard). User interfaces in 2020 need to consider many more details than those of previous generations. One of the biggest changes of the last decade is certainly the introduction of HiDPI displays, displays with much higher resolutions together with software using more pixels per GUI element.
Writing Win32 apps like it's 2020: Helpers for a modern C++ world
This is the second part of a three-part series on Win32 development (Introduction; Helpers for a modern C++ world; A DPI-aware resizable wizard). We are now going to get into the nitty-gritty details of Win32 and how modern C++ can help us here. If you are coming from the C world, you have been managing all your resources manually so far.