Aleksandr Nochvay is a security researcher of the Kaspersky Lab ICS CERT. His passion is studying network protocols without source code available and he definitely likes to communicate with such protocols in any possible and impossible manners. Hi favorite vulnerabilities are logical and architectural ones. One day he found that software uses the string “TESTKEY” as a encryption key. He prefers to write reports about discovered vulnerabilities instead of advisories for developers.
3S’s CoDeSys Runtime is used in 100’s of PLC’s and Level 1 devices. In 2013/2014 Reid Wightman identified multiple vulnerabilities in the Runtime, developed proof of concept Metasploit modules and watched as the vulnerabilities and partial fixes provided by 3S remain unknown to the asset owners of those 100+ PLC models. Now the team at Kaspersky […]