Every industrial cybersecurity question demands a tailor-made answer and solution. Our focused team of professionals who understand your business are here to assist your company in securing your mission critical facilities to the highest level.
The ‘ModiPwn’ bug lays open production lines, sensors, HVACs and more that use Schneider Electric PLCs.
July 2021, a critical remote code-execution (RCE) vulnerability in Schneider Electric programmable logic controllers (PLCs) has come to light, which allows unauthenticated cyberattackers to gain root-level control over PLCs used in manufacturing, building automation, healthcare and enterprise environments.
If exploited, attackers would have been able to impact production lines, sensors and conveyor belts in factory settings, according to the researchers at Armis who discovered the bug – as well as affect everyday devices, such as elevators, HVACs and other automated devices.
The vulnerability (CVE-2021-22779), which takes advantage of undocumented commands in device code, impacts the Modicon M340, M580 and other models from the Modicon series, according to Armis, which dubbed it “ModiPwn.” It’s technically an authentication bypass by spoofing vulnerability, researchers said, and it rates 9.8 out 10 on the CVSS vulnerability-rating scale, making it critical.
You can read a related article here