A vulnerability in a computer control system from Schneider Electric, widely used in air conditioning systems, allows hackers to gain control over it. According to experts at Armis who discovered the problem, the problem poses a threat to the security of millions of devices.
The remote code execution vulnerability affects Modicon programmable logic controllers (PLCs) used in manufacturing plants and power plants. With its help, attackers can carry out a variety of different attacks, from deploying ransomware to interfering with commands sent to industrial equipment.
The vulnerability allows cybercriminals to intercept the command, which will leak the password hash from the device’s memory. Once they receive it, they can validate its use, weaken other security measures, and ultimately gain full control of the PLC. The attack requires access to the Network, which complicates but does not make it impossible for PLCs isolated from other systems, as is often the case in industrial environments.
Armis notified Schneider Electric of the issue in November 2020. The manufacturer is still working with other security researchers to fix it.
Catch up on more articles here
Follow us on Twitter here