Schneider Electric PLC Vulnerability Causing Remote Takeover

Share post:

A vulnerability in Schneider Electric Modicon programmable logic controllers could allow a remote attacker to gain complete control of the chips, resulting in remote code execution, malware installation, and other security issues.

The vulnerability affects the Modicon chips M340, M580 and other models of the Modicon series.

It violates Schneider’s unified messaging application services protocol, which is used to configure and monitor Schneider’s PLC – Modicon and others – by using undocumented commands that allow the attacker to release hashes from a device’s memory.

Once leaked, hackers can use the stolen hash to infiltrate the secure connection that UMAS establishes between the PLC and its management workstation, allowing the attacker to reconfigure the PLC without a password.

This then allows the attacker to carry out attacks on remote code, including installing malware and taking steps to hide its presence.

Vulnerabilities in industrial control systems have been an increasing problem lately, but it is important to note that just because PLC’s like Schneider’s Modicon line are vulnerable, an attacker will not have an easy time taking control of them.

PLCs should not be internet-facing as this makes an attack easy.

Ideally, an attacker would need to gain access to a secure network before being able to find a PLC that can be exploited.

It is recommended that all organizations ensure that they have real-time visibility into internet-connected assets, whether internal or external.

Privacy and access management strategies are also crucial.

Finally, it is strongly recommended to disable universal plug-and-play protocols and configure each device manually.

For more information, read the original story in Techrepublic.

Featured Tech Jobs


Related articles

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways