Schneider Electric PLC Vulnerability Causing Remote Takeover

Share post:

A vulnerability in Schneider Electric Modicon programmable logic controllers could allow a remote attacker to gain complete control of the chips, resulting in remote code execution, malware installation, and other security issues.

The vulnerability affects the Modicon chips M340, M580 and other models of the Modicon series.

It violates Schneider’s unified messaging application services protocol, which is used to configure and monitor Schneider’s PLC – Modicon and others – by using undocumented commands that allow the attacker to release hashes from a device’s memory.

Once leaked, hackers can use the stolen hash to infiltrate the secure connection that UMAS establishes between the PLC and its management workstation, allowing the attacker to reconfigure the PLC without a password.

This then allows the attacker to carry out attacks on remote code, including installing malware and taking steps to hide its presence.

Vulnerabilities in industrial control systems have been an increasing problem lately, but it is important to note that just because PLC’s like Schneider’s Modicon line are vulnerable, an attacker will not have an easy time taking control of them.

PLCs should not be internet-facing as this makes an attack easy.

Ideally, an attacker would need to gain access to a secure network before being able to find a PLC that can be exploited.

It is recommended that all organizations ensure that they have real-time visibility into internet-connected assets, whether internal or external.

Privacy and access management strategies are also crucial.

Finally, it is strongly recommended to disable universal plug-and-play protocols and configure each device manually.

For more information, read the original story in Techrepublic.

SUBSCRIBE NOW

Related articles

Anthropic Warns: AI “Virtual Employees” Could Pose Security Risks Within a Year

Anthropic, a leading artificial intelligence company, anticipates that AI-powered virtual employees could begin operating within corporate networks as...

Hertz Data Breach Exposes Customer Information via Supply Chain Hack

Hertz has disclosed a data breach resulting from a cyberattack on its vendor, Cleo Communications, which compromised sensitive...

Google’s New Security Feature – Automatic Reboot

Google is introducing a new security feature in its latest Android update that will automatically reboot phones and...

Cybersecurity Firm Prodaft Buys Hacker Forum Accounts to Monitor Cybercriminal Activity

Swiss cybersecurity company Prodaft has initiated a program to purchase verified and aged accounts on hacking forums, aiming...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways