Okay, I have to apologize to the folks at DHS ICS-CERT for casting aspersions upon the integrity of their Alert/Advisory product. This morning ICS-CERT published an update on the CoDeSys alert originally issued in April of this year concerning vulnerabilities that Reid Wightman had identified during Project Base Camp in the CoDeSys SCADA application. This update addresses the new exploit tools that Reid reported about over on the blog at DigitalBond.com.
The folks at ICS-CERT then went me one better; they posted a link (provided by CoDeSys) to a page that identifies the vendors (and the device names) that are using the CoDeSys application that is at the heart of the problem. It’s a little more complex than just a list of names, you have to fill in some search blocks and hit the “Show” button, but it is a very interesting little list of vendors.