Schneider Electric PLC Vulnerability Causing Remote Takeover

Share post:

A vulnerability in Schneider Electric Modicon programmable logic controllers could allow a remote attacker to gain complete control of the chips, resulting in remote code execution, malware installation, and other security issues.

The vulnerability affects the Modicon chips M340, M580 and other models of the Modicon series.

It violates Schneider’s unified messaging application services protocol, which is used to configure and monitor Schneider’s PLC – Modicon and others – by using undocumented commands that allow the attacker to release hashes from a device’s memory.

Once leaked, hackers can use the stolen hash to infiltrate the secure connection that UMAS establishes between the PLC and its management workstation, allowing the attacker to reconfigure the PLC without a password.

This then allows the attacker to carry out attacks on remote code, including installing malware and taking steps to hide its presence.

Vulnerabilities in industrial control systems have been an increasing problem lately, but it is important to note that just because PLC’s like Schneider’s Modicon line are vulnerable, an attacker will not have an easy time taking control of them.

PLCs should not be internet-facing as this makes an attack easy.

Ideally, an attacker would need to gain access to a secure network before being able to find a PLC that can be exploited.

It is recommended that all organizations ensure that they have real-time visibility into internet-connected assets, whether internal or external.

Privacy and access management strategies are also crucial.

Finally, it is strongly recommended to disable universal plug-and-play protocols and configure each device manually.

For more information, read the original story in Techrepublic.

SUBSCRIBE NOW

Related articles

20 dollars unmasks a major vulnerability in the internet infrastructure. Cyber Security Today for Friday the 13th, September 2024

US Cyber Security and Infrastructure Agency -  CISA has added three significant vulnerabilities to its “known exploited vulnerabilities...

Payment gateway breach exposes 1.7 million credit card holders

Slim CD, a payment gateway provider, recently disclosed a significant data breach that impacted nearly 1.7 million credit...

AI Healthcare Firm Exposes 5.9 TB of Sensitive Mental Health Data

In a significant data security incident, Confidant Health, a Texas-based AI healthcare platform, inadvertently exposed 5.3 terabytes of...

Cyber Security Today – Week In Review for September 7, 2024

Cyber Security Today - Weekend Edition: Toronto School Board Hack, MoveIT Breach & Data Privacy Concerns This weekend edition...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways