Security News > 2021 > July > Critical vulnerability in Schneider Electric Modicon PLCs can lead to RCE (CVE-2021-22779)
Researchers at Armis discovered an authentication bypass vulnerability in Schneider Electric's Modicon programmable logic controllers that can lead to remote-code-execution.
Modicon M580. The vulnerability, dubbed ModiPwn, allows for a complete takeover of impacted devices by leveraging the UMAS protocol, and impacts Modicon M340, M580 and other models from the Modicon series.
An attack that leverages ModiPwn would begin with network access to a Modicon PLC. Through this access, the attacker can leverage undocumented commands in the UMAS protocol and leak a certain hash from the device's memory.
This will allow the attacker to abuse additional undocumented commands that lead to remote-code-execution - a full takeover of the device.
Sophisticated attacks such as this have been seen in the wild before; the Triton malware, for example, was spotted targeting safety controllers by Schneider Electric used in petrochemical plants in Saudi Arabia.
"The trouble with these legacy devices found in OT environments is that historically, they have evolved over unencrypted protocols. It will take time to address these weak underlying protocols. In the meantime, organizations operating in these environments should ensure that they have visibility over these devices to see where their points of exposure lie. This is crucial to preventing attackers from being able to control their systems - or even hold them to ransom," Seri concluded.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/AjzUz6Qr89Q/
Related news
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (source)
- Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
- PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) (source)
- HPE Aruba Networking fixes four critical RCE flaws in ArubaOS (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)