Security News > 2021 > July > Researchers warn of unpatched remote code execution flaws in Schneider Electric industrial gear

Armis security researchers have warned of severe and unpatched remote code execution vulnerabilities in Schneider Electric's programmable logic controllers, allowing attackers to take control of a variety of industrial systems.

The vulnerability itself, dubbed "ModiPwn," chains on two previously disclosed issues, discovered by security firm Talos in 2018 and 2019 respectively, which Schneider Electric claimed to have patched.

Worse, the flaws which had originally been classified as leading to denial-of-service attacks were found to allow remote code execution - meaning an unauthenticated attacker could take full control of the PLC and, by extension, whatever industrial equipment it was controlling.

As for what Modicon users can do to protect themselves, the researchers offered some tips: "Armis strongly recommends the use of Schneider Electric guidelines for secure configuration of Modicon PLCs such as the use of application passwords in project files, properly using network segmentation, and implementing access control lists to shield industrial controllers from unwanted communications and attacks."

"Our mutual findings demonstrate that while the discovered vulnerabilities affect Schneider Electric offers, it is possible to mitigate the potential impacts by following standard guidance, specific instructions; and in some cases, the fixes provided by Schneider Electric to remove the vulnerability."

Schneider Electric did not respond to follow-up questions on its Modbus Security progress or lack thereof, the location of the correct vulnerability notice and mitigation advice, nor on a firm timescale for fixing what are, contrary to the above statement, still-unpatched security vulnerabilities.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/07/13/armis_schneider_electric_flaw/