Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks
Two security vulnerabilities in Schneider Electric's programmable logic controllers could allow attackers to compromise a PLC and move on to more sophisticated critical infrastructure attacks.
Two types of application protection are available: read protection prevents the controller's application from being read by unauthorized personnel at the engineering workstation, and write protection prevents unauthorized changes to the controller's application.
"In order for an attacker to conduct a targeted attack, he will need to figure out the context of the tags that are used in the control logic. One way to make this process easier is to download the control logic from the controller and read the tags that are set to gain a complete understanding of the process that is deployed on the controller."
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has announced that critical infrastructure has become a main focus for the agency this year.
In July, on the heels of a dire warning from CISA about impending critical infrastructure attacks, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module.
News URL
https://threatpost.com/bugs-critical-infrastructure-gear-attacks/161164/