Claroty Details Vulnerabilities in Schneider PLCs

The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.

Dark Reading Staff, Dark Reading

November 11, 2020

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Researchers at Claroty have released new details on authentication and encryption vulnerabilities found in Schneider Electric programmable logic controllers (PLCs). The vulnerabilities, if exploited, could allow an attacker to exfiltrate data, modify code, and execute commands on operational technology (OT) and critical infrastructure systems.

In June, Claroty researchers privately disclosed the vulnerabilities in Modicon M221 PLCs and EcoStruxure Machine Expert Basic to Schneider Electric. In all cases, according to a blog post detailing the findings, an attacker would have to establish a presence on the OT network and monitor data flowing between devices before exploiting weak encryption implementations to crack device authentication.

The Modicon series of PLCs was initially brought to market in the late 1960s, long before IT/OT convergence and a general understanding of the need for OT security. Mitigations for the four vulnerabilities included in this release are available from Schneider, and include a recommendation to set up network segmentation, to implement a firewall to block unauthorized access to TCP port 502, and to disable unused protocols within the Modicon M221 application.

For more, read here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights