July 13, 2021

A vulnerability in Schneider Electric Modicon programmable logic controllers could allow a remote attacker to gain complete control of the chips, resulting in remote code execution, malware installation, and other security issues.

The vulnerability affects the Modicon chips M340, M580 and other models of the Modicon series.

It violates Schneider’s unified messaging application services protocol, which is used to configure and monitor Schneider’s PLC – Modicon and others – by using undocumented commands that allow the attacker to release hashes from a device’s memory.

Once leaked, hackers can use the stolen hash to infiltrate the secure connection that UMAS establishes between the PLC and its management workstation, allowing the attacker to reconfigure the PLC without a password.

This then allows the attacker to carry out attacks on remote code, including installing malware and taking steps to hide its presence.

Vulnerabilities in industrial control systems have been an increasing problem lately, but it is important to note that just because PLC’s like Schneider’s Modicon line are vulnerable, an attacker will not have an easy time taking control of them.

PLCs should not be internet-facing as this makes an attack easy.

Ideally, an attacker would need to gain access to a secure network before being able to find a PLC that can be exploited.

It is recommended that all organizations ensure that they have real-time visibility into internet-connected assets, whether internal or external.

Privacy and access management strategies are also crucial.

Finally, it is strongly recommended to disable universal plug-and-play protocols and configure each device manually.

For more information, read the original story in Techrepublic.