Encryption Vulnerabilities Allow Hackers to Take Control of Schneider Electric PLCs

Posted By Baris Posted on December 12, 2020

This week Schneider Electric published advisories for vulnerabilities affecting various products, including flaws that can be exploited to take control of Modicon M221 programmable logic controllers (PLCs).

A total of four vulnerabilities were discovered in the Modicon M221 PLC by researchers from Claroty, an industrial cybersecurity company. Three of them were identified independently by researchers at Trustwave, a cybersecurity company. Both Trustwave and Claroty have published blog posts detailing their findings.

The security holes, three of which Schneider has classified as high severity, concern encryption and authentication. The French industrial giant has shared a number of recommendations that customers can implement to reduce the risk of attacks.

Karl Sigler, senior threat manager at Trustwave, told SecurityWeek that the attacker needed access to the OT network to exploit one of the vulnerabilities.

By bypassing authentication security and gaining direct access to manipulate the PLC, an attacker can gain full control over the PLC's actions, which can be disastrous depending on the type of OT environment the PLC is used in, Sigler explained. This can lead to a complete failure of the control systems or to dangerous situations in which the safety of the systems is endangered.

Yehuda Anikster, senior researcher at Claroty, told SecurityWeek that exploiting the vulnerabilities requires capturing traffic between the EcoStruxure machine design software and the targeted PLC.

In this case, intruders must wait for the engineer or technician to log in and enter the password or perform download operations on the M221 using the engineering software, says Anikster. At this point, attackers have everything they need, and they can now extract the encryption key from the recorded network traffic to decrypt the read/write passwords from the traffic.

Once the intruders have obtained the read/write passwords, they can do anything with the M221 PLC as if they were engineers themselves. This includes downloading the M221 program, downloading (and overwriting) the program to the M221, changing read/write passwords, stopping/starting the M221, and much more, the researcher added. For example, attackers can take out all the code running on the M221 and steal the logic of the business process. Another possible scenario is to remove all code and change all passwords on the M221, blocking all access to the devices and shutting down the PLC in a denial-of-service attack. In addition, cunning attackers can launch a Stuxnet attack and easily change the code on the M221 to destroy the company's devices.


This week Schneider Electric also informed its customers about critical vulnerabilities affecting its PLC Simulator product, including flaws that allow arbitrary command execution and DoS attacks.

The company also warned of a critical vulnerability in the Easergy T300 RTU, which allows command execution and DoS attacks, as well as several high-severity remote code execution vulnerabilities affecting the Interactive Graphical SCADA System (IGSS) product.

The vendor also advised customers to use advanced security measures to protect Q Data Radio and J Data Radio equipment against Drovorub, a Russian malware program recently described in detail by the NSA and the FBI.


@EduardKovacs – Publisher of SecurityWeek. He worked for two years as a high school computer science teacher before starting a career in journalism as a security reporter for Softpedia. Eduard has a bachelor's degree in industrial computer sciences and a master's degree in computer engineering for electrical engineering.
