Claroty Details Vulnerabilities in Schneider PLCs

  /     /     /  
Publicated : 23/11/2024   Category : security


Claroty Details Vulnerabilities in Schneider PLCs


The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.



Researchers at Claroty have released new details on authentication and encryption vulnerabilities found in Schneider Electric programmable logic controllers (PLCs). The vulnerabilities, if exploited, could allow an attacker to exfiltrate data, modify code, and execute commands on operational technology (OT) and critical infrastructure systems.
In June, Claroty researchers privately disclosed the vulnerabilities in Modicon M221 PLCs and EcoStruxure Machine Expert Basic to Schneider Electric. In all cases, according to a blog post detailing the findings, an attacker would have to establish a presence on the OT network and monitor data flowing between devices before exploiting weak encryption implementations to crack device authentication.
The Modicon series of PLCs was initially brought to market in the late 1960s, long before IT/OT convergence and a general understanding of the need for OT security. Mitigations for the four vulnerabilities included in this release are available from Schneider, and include a recommendation to set up network segmentation, to implement a firewall to block unauthorized access to TCP port 502, and to disable unused protocols within the Modicon M221 application.
For more, read
here
.

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Claroty Details Vulnerabilities in Schneider PLCs