Experts disclosed a critical flaw in Schneider Industrial Firewalls

CyberX experts at the SecurityWeek’s 2016 ICS Cyber Security Conference disclosed a critical flaw in the Schneider Industrial Firewalls.

This week, at the SecurityWeek’s 2016 ICS Cyber Security Conference, researchers at industrial security firm CyberX disclosed several important vulnerabilities.

The experts demonstrated how hackers can target ICS systems and passing security measures in places.

Among the vulnerabilities disclosed by the experts, there is a flaw affecting a Schneider Electric industrial firewall that could be exploited by hackers for remote code execution.

The vulnerability affects products of the Schneider Electric’s ConneXium TCSEFEC family of industrial ethernet firewalls. This family of products is used in the industrial contexts for the protection of SCADA systems, automation systems, industrial networks and other systems.

The experts discovered that the web-based administration interface of the Schneider Electric’s ConneXium TCSEFEC firewalls is affected by a buffer overflow. The exploitation of the flaw could allow attackers to execute arbitrary code.

The researchers also reported the flaw to the US ICS-CERT that is to issue a security advisory.

A threat actor could exploit the flaw to change firewall rules, eavesdrop on traffic, inject malicious traffic, and disrupt communications.

The researchers highlighted that the flaw is exploitable also by attackers that haven’t specific technical skills.

“Exploitation of this security hole could also lead to manipulation of control systems, which, in a worst case scenario, could result in physical damage. Programmable logic controllers (PLCs) typically don’t have any type of authentication, allowing attackers to easily gain access and exploit known or zero-day flaws.” reported Eduard Kovacs from Security Week.

Unfortunately, it is quite easy for attackers to target Schneider industrial firewalls that are easy to find thanks to search engines such as Shodan or Censys.

According to CyberX, the vendor Schneider Electric has already developed a security update to address the vulnerability, but it has yet released it.

The researchers from CyberX also reported seven zero-day flaws in PLC systems from a major unnamed vendor that is already working on a security update to fix them.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – SCADA, Schneider industrial firewall)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.