Security News > 2021 > July > Vulnerability in Schneider Electric PLCs allows for undetectable remote takeover
A vulnerability discovered in Schneider Electric's Modicon programmable logic controllers, used in millions of devices worldwide, could allow a remote attacker to gain total and undetectable control over the chips, leading to remote code execution, malware installation and other security compromises.
Discovered by security researchers at asset visibility and security vendor Armis, the vulnerability, dubbed Modipwn, is similar to the vulnerability that was leveraged by the Triton malware that targeted Schneider Electric safety controllers used in Saudi Arabian petrochemical plants.
Reconfiguration, in turn, allows the attacker to perform remote code execution attacks, including installation of malware and steps to obfuscate their presence.
Schneider Electric said it applauds security researchers like Armis and has been working with the company to validate its claims and determine remediation steps.
"Our mutual findings demonstrate that while the discovered vulnerabilities affect Schneider Electric offers, it is possible to mitigate the potential impacts by following standard guidance, specific instructions; and in some cases, the fixes provided by Schneider Electric to remove the vulnerability," Schneider said in a statement.
PLCs shouldn't be internet facing: If they are, an attack is simple, but ideally an attacker would need to gain access to a secured network before being able to find a PLC to exploit.