Security News > 2020 > March > Industrial Controllers Still Vulnerable to Stuxnet-Style Attacks

Industrial Controllers Still Vulnerable to Stuxnet-Style Attacks
2020-03-31 12:42

Researchers demonstrated recently that hackers could launch a Stuxnet-style attack against Schneider Electric's Modicon programmable logic controllers, but it's believed that products from other vendors could also be vulnerable to the same type of attack.

Researchers at Airbus CyberSecurity have analyzed Schneider Electric's Modicon M340 PLC to determine if it's vulnerable to similar attacks.

"Airbus Cybersecurity's research was intended to demonstrate the theoretical possibility of executing a very specific type of cyber-attack on industrial controllers under certain conditions, such as when an attacker has already compromised the engineering workstation or has had unauthorized access to the targeted controller. The aim of the research was to help Airbus Cybersecurity protect its operations technology and industrial assets in general," a Schneider Electric representative told SecurityWeek.

"Through our collaboration with them, our mutual findings demonstrate that while the discovered vulnerability affects Schneider Electric offers, it equally impacts many other vendors and the global industrial automation market in general, especially when the baseline assumption of the attack technique Airbus Cybersecurity demonstrated is considered. Given certain conditions, and assuming an attacker has access to the network, many devices available from several different industrial control vendors are likewise vulnerable to this type of cyber-attack," they added.

Schneider Electric and Airbus say they encourage all industrial companies to ensure that they have implemented cybersecurity best practices across their operations and supply chains in an effort to reduce the risk of attacks.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/z7hdRQp2Bo4/industrial-controllers-still-vulnerable-stuxnet-style-attacks