Schneider Electric released security advisories for multiple vulnerabilities impacting various products, including four issues that can be exploited by attackers to take control of Modicon M221 programmable logic controllers (PLCs).
Four encryption and authentication issues in Modicon M221 PLCs were reported by Trustwave, three of which have been independently found by the security firm Claroty.
“Schneider Electric is aware of multiple vulnerabilities in its Modicon M221 product. The Modicon M221 is a Nano Programmable Logic Controller (PLC) made to control basic automation for machines. The M221 is configured using Machine Expert – Basic software.” Reads the advisory published by Schneider Electric. “Failure to apply the mitigations provided below may allow unauthorized users to replay authentication sequences, which could result in an attacker taking control over the PLC.”
The flaws in the PLCs are:
According to the analysis published by Claroty the flaw could be triggered by an attacker with a foothold on the OT network.
“The vulnerabilities reported to Schneider on June 10 can only be exploited by an attacker who already has a foothold on an OT network or ICS device.” states the analysis published by Claroty. “For example, an attacker could capture network traffic between the Modicon M221 PLC and the EcoStruxure Machine Expert Basic software that includes upload and download data or successful authentication attempts. This data is encrypted using a 4-byte XOR key, which is a weak encryption method.”
The vendor provided the following mitigations to reduce the risk of exploit:
The advisory also includes General Security Recommendations for the above vulnerabilities.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Schneider Electric)
[adrotate banner=”5″]
[adrotate banner=”13″]
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
This website uses cookies.