Security News > 2020 > November > Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks
Two security vulnerabilities in Schneider Electric's programmable logic controllers could allow attackers to compromise a PLC and move on to more sophisticated critical infrastructure attacks.
There are two types of application protection available: read protection prevents the controller's application from being read by any unauthorized personnel at the engineering workstation, and write protection protects the controller's application from unauthorized changes.
"In order for an attacker to conduct a targeted attack, he will need to figure out the context of the tags that are used in the control logic. One way to make this process easier is to download the control logic from the controller and read the tags that are set to gain a complete understanding of the process that is deployed on the controller."
Critical infrastructure has become a main focus this year for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the agency announced.
In July, on the heels of a dire warning from CISA about impending critical infrastructure attacks, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module.
News URL
https://threatpost.com/bugs-critical-infrastructure-gear-attacks/161164/