On the hype around the critical Siemens S7-1200/S7-1500 vulnerability CVE-2022-38465

Around two months ago, the Team82 research group at Claroty disclosed a critical vulnerability in Siemens current S7-1200/S7-1500 series of PLCs. This is the next issue in a series of recent disclosures on the security of these ubiquitous logic controllers. What’s different this time is the whopping CVSS severity score of 9.3 (of a possible 10). The identifier CVE-2022-38465 was assigned to this vulnerability and Siemens published the related security advisory SSA-568427 and security bulletin SSB-898115.

ENLYZE S7-Project-Explorer released as open-source

Aachen/Cologne – 2022-10-05 – The automation industry is full of proprietary closed solutions, which ultimately thwart the Smart Factory (“Industry 4.0”) goal of open communication between machines. To make a difference in this industry, ENLYZE is today releasing its S7-Project-Explorer to the general public as a free download. On top of this, we are also making the source code freely available to allow for maximum trust in our software and enable further development collaboratively in an open development process.

That time I had to patch the Universal CRT

I just finished a blog post where I replaced almost the entire Microsoft build toolchain for our Windows software with open-source alternatives better suiting our needs. Except for the Visual Studio C runtime library, nowadays called Universal CRT (shortened to UCRT or just CRT). The CRT had been performing without any trouble, and I didn’t expect this to change, considering that our software was mostly using modern C++ constructs. Things took an unexpected turn though when I witnessed a huge memory leak in one of our applications that was creating and terminating multiple std::threads in a row.

Targeting 25 years of Windows with Visual Studio 2019

Adapted EnlyzeWinCompatLib Project on GitHub Adapted Wizard-2020 Project on GitHub Our method to build software compatible down to Windows 2000 using Visual Studio 2017 served us well for several months. And trust me, I had really hoped that Windows 2000 would be as low as we ever had to go. But the world of industrial manufacturing surprises you every day. So at some point, we inevitably stumbled upon industrial control systems that were still running Windows NT 4.

Modern Visual Studio meets ancient Windows

Project on GitHub In my previous blog series, I have shown how to write Win32 applications in 2020 using the amenities that modern C++ brings. Writing an application in 2020 doesn’t mean that we have to forget about 2000 though: The unrivaled compatibility of the Win32 API makes it possible to run your modern application even on Windows 2000 and older Windows XP versions – in theory at least!

Writing Win32 apps like it's 2020: A DPI-aware resizable wizard

This is the third part of a three-part series on Win32 development: Introduction Helpers for a modern C++ world A DPI-aware resizable wizard Example Project on GitHub User interfaces in 2020 need to consider many more details than those of previous generations. One of the biggest changes of the last decade is certainly the introduction of HiDPI displays, displays with much higher resolutions together with software using more pixels per GUI element.

Writing Win32 apps like it's 2020: Helpers for a modern C++ world

This is the second part of a three-part series on Win32 development: Introduction Helpers for a modern C++ world A DPI-aware resizable wizard Example Project on GitHub We are now going to get into the nitty-gritty details of Win32 and how modern C++ can help us here. Pointers that free themselves Universal C++ containers String resources without regrets Mastering the handle mess Gracefully failing constructors The only WndProc you’ll ever need Conclusion Pointers that free themselves If you are coming from the C world, you have been managing all your resources manually so far.

Writing Win32 apps like it's 2020: Introduction

This is the first part of a three-part series on Win32 development: Introduction Helpers for a modern C++ world A DPI-aware resizable wizard Example Project on GitHub Let’s start with the obvious question right away: Why should anyone write a new application using ‘90s technology like Win32 API in 2020? Well, if you are working at a company like ENLYZE, there are plenty of good reasons to do so:

Fun with Decorators, Protobuf and Apache Beam

As somebody who had the burden pleasure to work with Apache Beam’s Java SDK, I really enjoyed the parametrized nature of pipeline transforms. Besides making it easy reason about inputs and outputs of individual steps of a pipeline, Beam also takes care of (de)serialization.

In this post, we explore a similar approach for Apache Beam’s Python SDK to the Java SDK using decorators.

How to build an Embedded Bootloader: Introduction

This is the first post in a series about how to build a bootloader to deliver OTA updates to embedded devices such as an STM32 microcontroller. First, we will outline what’s important and then lay out the concept for what we’re going to build.