Schneider Electric PLC Vulnerability Causing Remote Takeover

Share post:

A vulnerability in Schneider Electric Modicon programmable logic controllers could allow a remote attacker to gain complete control of the chips, resulting in remote code execution, malware installation, and other security issues.

The vulnerability affects the Modicon chips M340, M580 and other models of the Modicon series.

It violates Schneider’s unified messaging application services protocol, which is used to configure and monitor Schneider’s PLC – Modicon and others – by using undocumented commands that allow the attacker to release hashes from a device’s memory.

Once leaked, hackers can use the stolen hash to infiltrate the secure connection that UMAS establishes between the PLC and its management workstation, allowing the attacker to reconfigure the PLC without a password.

This then allows the attacker to carry out attacks on remote code, including installing malware and taking steps to hide its presence.

Vulnerabilities in industrial control systems have been an increasing problem lately, but it is important to note that just because PLC’s like Schneider’s Modicon line are vulnerable, an attacker will not have an easy time taking control of them.

PLCs should not be internet-facing as this makes an attack easy.

Ideally, an attacker would need to gain access to a secure network before being able to find a PLC that can be exploited.

It is recommended that all organizations ensure that they have real-time visibility into internet-connected assets, whether internal or external.

Privacy and access management strategies are also crucial.

Finally, it is strongly recommended to disable universal plug-and-play protocols and configure each device manually.

For more information, read the original story in Techrepublic.



Related articles

Microsoft to block emails from “Persistently Vulnerable Exchange Servers”

Microsoft has announced a new security feature for Exchange Online that will gradually throttle and eventually block emails...

Pinduoduo removed from Google Play Store after cyberattack

According to security researchers at Lookout, Pinduoduo has been involved in a complex malware attack through its application,...

Twitter source code leaked, demands GitHub reveal who posted it there

New York Times says the code posted on GitHub had been there for months. raising securit

Okta’s login flaw exposes users to attack, says Mitiga

According to Mitiga, Okta's login system contains a simple error that could expose its users to future attacks. Users...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways