Claroty Details Vulnerabilities in Schneider PLCs
The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.
Researchers at Claroty have released new details on authentication and encryption vulnerabilities found in Schneider Electric programmable logic controllers (PLCs). The vulnerabilities, if exploited, could allow an attacker to exfiltrate data, modify code, and execute commands on operational technology (OT) and critical infrastructure systems.
In June, Claroty researchers privately disclosed the vulnerabilities in Modicon M221 PLCs and EcoStruxure Machine Expert Basic to Schneider Electric. In all cases, according to a blog post detailing the findings, an attacker would have to establish a presence on the OT network and monitor data flowing between devices before exploiting weak encryption implementations to crack device authentication.
The Modicon series of PLCs was initially brought to market in the late 1960s, long before IT/OT convergence and a general understanding of the need for OT security. Mitigations for the four vulnerabilities included in this release are available from Schneider, and include a recommendation to set up network segmentation, to implement a firewall to block unauthorized access to TCP port 502, and to disable unused protocols within the Modicon M221 application.
For more, read here.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024