Security News

Schneider Electric confirms dev platform breach after hacker steals data
2024-11-04 19:22

Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server. [...]

Cactus ransomware claim to steal 1.5TB of Schneider Electric data
2024-02-19 19:35

The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month. As BleepingComputer first reported, the ransomware group gained access to the energy management and automation giant's Sustainability Business division on January 17th. The gang is now extorting the company, threatening to leak all the allegedly stolen data if a ransom demand is not paid.

Energy giant Schneider Electric hit by Cactus ransomware attack
2024-01-29 20:10

Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. BleepingComputer has learned that the ransomware attack hit the company's Sustainability Business division earlier this month on January 17th. The attack disrupted some of Schneider Electric's Resource Advisor cloud platform, which continue to suffer outages today.

Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products
2023-06-20 19:08

Three security vulnerabilities have been disclosed in operational technology products from Wago and Schneider Electric. The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL, which now comprises a total of 61 issues spanning 13 different vendors.

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
2023-02-16 13:18

Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 and CVE-2022-45789, are part of a broader collection of security defects tracked by Forescout as OT:ICEFALL. Successful exploitation of the bugs could enable an adversary to execute unauthorized code, denial-of-service, or disclosure of sensitive information.

CISA Warns of High-Severity Flaws in Schneider and GE Digital's SCADA Software
2022-02-28 03:35

The U.S. Cybersecurity and Infrastructure Security Agency last week published an industrial control system advisory related to multiple vulnerabilities impacting Schneider Electric's Easergy medium voltage protection relays. "Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, device reboot, or allow an attacker to gain full control of the relay," the agency said in a bulletin on February 24, 2022.

August 2021 ICS Patch Tuesday: Siemens, Schneider Address Over 50 Flaws
2021-08-12 13:10

Siemens and Schneider Electric on Tuesday released 18 security advisories addressing a total of more than 50 vulnerabilities affecting their products. Siemens has released 10 new advisories for the August 2021 Patch Tuesday and they cover a total of 32 vulnerabilities.

Arctic Wolf appoints Nick Schneider as CEO
2021-08-11 22:30

Arctic Wolf announced that Nick Schneider, president and chief revenue officer, has been appointed as chief executive officer, succeeding Brian NeSmith who will serve as executive chairman of the Board of Directors. Schneider has been the driving force behind Arctic Wolf's explosive growth and market leadership, securing remarkable 100% growth in year-over-year ARR for each of the last seven years.

ICS Patch Tuesday: Siemens and Schneider Electric Address 100 Vulnerabilities
2021-07-14 14:52

Industrial giants Siemens and Schneider Electric on Tuesday released a total of two dozen advisories covering roughly 100 vulnerabilities affecting their products. The 18 new advisories prepared by Siemens for the July 2021 Patch Tuesday cover nearly 80 vulnerabilities impacting the company's products.

Critical Vulnerability Can Be Exploited to Hack Schneider Electric's Modicon PLCs
2021-07-13 11:10

A vulnerability affecting some of Schneider Electric's Modicon programmable logic controllers can be exploited to bypass authentication mechanisms, allowing attackers to take complete control of the targeted device. It can be exploited by an unauthenticated attacker who has network access to the targeted PLC. The exploit chain demonstrated by Armis also involves several other vulnerabilities discovered over the past few years.