Claroty Details Vulnerabilities in Schneider PLCs
The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.
Researchers at Claroty have released new details on authentication and encryption vulnerabilities found in Schneider Electric programmable logic controllers (PLCs). The vulnerabilities, if exploited, could allow an attacker to exfiltrate data, modify code, and execute commands on operational technology (OT) and critical infrastructure systems.
In June, Claroty researchers privately disclosed the vulnerabilities in Modicon M221 PLCs and EcoStruxure Machine Expert Basic to Schneider Electric. In all cases, according to a blog post detailing the findings, an attacker would have to establish a presence on the OT network and monitor data flowing between devices before exploiting weak encryption implementations to crack device authentication.
The Modicon series of PLCs was initially brought to market in the late 1960s, long before IT/OT convergence and a general understanding of the need for OT security. Mitigations for the four vulnerabilities included in this release are available from Schneider, and include a recommendation to set up network segmentation, to implement a firewall to block unauthorized access to TCP port 502, and to disable unused protocols within the Modicon M221 application.
For more, read here.
About the Author
You May Also Like
Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024