Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products
2023-06-20 19:08

Three security vulnerabilities have been disclosed in operational technology products from Wago and Schneider Electric.

The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL, which now comprises a total of 61 issues spanning 13 different vendors.

The most severe of the flaws is CVE-2022-46680, which concerns the plaintext transmission of credentials in the ION/TCP protocol used by power meters from Schneider Electric.

The other two new flaws are denial-of-service bugs in WAGO 750 controllers that an authenticated attacker could trigger by sending specific malformed packets or specific requests after being logged out.

In concluding the OT:ICEFALL research, Forescout notes that vendors still lack a fundamental understanding of secure-by-design practices and that they release incomplete patches and fail to implement appropriate security testing procedures.

"This is worrying because as OT products start implementing security controls and end up getting certified, the perception of their security posture might change and the sense of urgency around compensating controls might drop - leading to a false sense of security," the company said.


News URL

https://thehackernews.com/2023/06/researchers-expose-new-severe-flaws-in.html

Related Vulnerability

DATE: 2023-05-22
CVE: CVE-2022-46680
VULNERABILITY TITLE: Unspecified vulnerability in Schneider-Electric products
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic.
network, low complexity, schneider-electric
RISK: critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wago 159 0 18 36 21 75