Schneider Electric released security advisories for multiple vulnerabilities impacting various products, including four issues that can be exploited by attackers to take control of Modicon M221 programmable logic controllers (PLCs).
Four encryption and authentication issues in Modicon M221 PLCs were reported by Trustwave, three of which have been independently found by the security firm Claroty.
“Schneider Electric is aware of multiple vulnerabilities in its Modicon M221 product. The Modicon M221 is a Nano Programmable Logic Controller (PLC) made to control basic automation for machines. The M221 is configured using Machine Expert – Basic software.” Reads the advisory published by Schneider Electric. “Failure to apply the mitigations provided below may allow unauthorized users to replay authentication sequences, which could result in an attacker taking control over the PLC.”
The flaws in the PLCs are:
According to the analysis published by Claroty the flaw could be triggered by an attacker with a foothold on the OT network.
“The vulnerabilities reported to Schneider on June 10 can only be exploited by an attacker who already has a foothold on an OT network or ICS device.” states the analysis published by Claroty. “For example, an attacker could capture network traffic between the Modicon M221 PLC and the EcoStruxure Machine Expert Basic software that includes upload and download data or successful authentication attempts. This data is encrypted using a 4-byte XOR key, which is a weak encryption method.”
The vendor provided the following mitigations to reduce the risk of exploit:
The advisory also includes General Security Recommendations for the above vulnerabilities.
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, Schneider Electric)