• Home
  • Advertising
    • Why Advertise
    • Create Your Campaign
  • About
    • About Security on Screen
    • Privacy Policy
  • Webinars
  • Social Wall
  • Contact Us
Thursday, July 7, 2022
No Result
View All Result
  • Login
  • Register

No products in the basket.

Submit News
Submit video
  • Create Your Campaign
  • Product Groups
    • Access Control
    • Biometrics
    • Physical Security
    • Smart City
    • Surveillance
    • Systems Integration
  • Cyber-Security
  • Industry sectors
    • Banking
    • Casinos
    • City Surveillance
    • Data Centres
    • Government
    • Healthcare
    • Leisure
    • Manufacturing
    • Retail
    • Schools and Campus Security
    • Transport
    • Utilities
  • Business News
    • New Technology
    • Opinion
    • People
    • Education & Events
  • Create Your Campaign
  • Product Groups
    • Access Control
    • Biometrics
    • Physical Security
    • Smart City
    • Surveillance
    • Systems Integration
  • Cyber-Security
  • Industry sectors
    • Banking
    • Casinos
    • City Surveillance
    • Data Centres
    • Government
    • Healthcare
    • Leisure
    • Manufacturing
    • Retail
    • Schools and Campus Security
    • Transport
    • Utilities
  • Business News
    • New Technology
    • Opinion
    • People
    • Education & Events
No Result
View All Result
No Result
View All Result

Armis unveils new Modipwn vulnerability in Schneider Electric PLCs

by Zoe Deighton Smythe
14/07/2021
in Cyber Security, PRESS RELEASE
Armis unveils new Modipwn vulnerability in Schneider Electric PLCs

An example of remote-code-execution (RCE)

Researchers at Armis have announced the discovery of an authentication bypass vulnerability in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can lead to remote-code-execution (RCE).

The vulnerability, dubbed Modipwn, allows for a complete takeover of impacted devices by leveraging the UMAS protocol, and impacts Modicon M340, M580 and other models from the Modicon series. Millions of devices use these PLCs and are now deemed to be at risk in what is considered to be a widescale vulnerability. Such controllers are used widely in manufacturing, building services, automation applications, energy utilities, HVAC systems to name a few.  

An attack that leverages Modipwn would begin with network access to a Modicon PLC. Through this access, the attacker can leverage undocumented commands in the UMAS protocol and leak a certain hash from the device’s memory. Using this hash, the attacker can take over the secure connection between the controller and its managing workstation to reconfigure the controller with a password-less configuration. This will allow the attacker to abuse additional undocumented commands that lead to remote-code-execution – a full takeover of the device. 

This takeover can then be used to install malware on the controller that alters its operation and hide the existence of these alterations from the workstation that manages this controller. The CVE for this vulnerability is CVE-2021-22779. 

Regarding the discovery, Schneider Electric Corporate Product CERT released the following statement: “Schneider Electric is committed to collaborating openly and transparently. In this case, we have collaborated with these researchers to validate the research and to assess its true impact. Our mutual findings demonstrate that while the discovered vulnerabilities affect Schneider Electric offers, it is possible to mitigate the potential impacts by following standard guidance, specific instructions; and in some cases, the fixes provided by Schneider Electric to remove the vulnerability.

“As always, we appreciate and applaud independent cybersecurity research because, as in this case, it helps the global manufacturing industry strengthen our collective ability to prevent and respond to cyber-attacks. Working together has allowed us to improve our understanding of potential weaknesses in EcoStruxure Control Expert. It enabled us to disclose this vulnerability in a timely, responsible manner so that our customers and end-users can better protect their operations, assets, and people.

“Together, we continue to encourage the ecosystem of automation suppliers, cybersecurity solution providers, and end-users to collaborate to reduce cybersecurity risks; and support our customers to ensure they have implemented cybersecurity best practices across their operations and supply chains.”

Sophisticated attacks such as this have been seen in the wild before; the Triton malware, for example, was spotted targeting safety controllers by Schneider Electric used in petrochemical plants in Saudi Arabia. Attacks that alter operations of industrial controllers are a threat to both business continuity and safety, and attacks that hide from monitoring solutions can be extremely difficult to detect. 

“Armis and Schneider Electric have worked together to ensure the proper security mitigations are being provided. We urge all affected organisations to take action now,” said Ben Seri, Vice President of Research at Armis. “The trouble with these legacy devices found in OT environments is that historically, they have evolved over unencrypted protocols. It will take time to address these weak underlying protocols. In the meantime, organisations operating in these environments should ensure that they have visibility over these devices to see where their points of exposure lie. This is crucial to preventing attackers from being able to control their systems – or even hold them to ransom.” 

Visit here for additional resources.  

Tags: Armiscyber attackersModipwnSchneider Electric PLCsvulnerability
ShareTweetShare

Related Posts

Oprema announces partnership with Remote Management Gateway, CameraMate
PRESS RELEASE

Oprema announces partnership with Remote Management Gateway, CameraMate

Morphean announce expansion as cloud security grows in Europe
Physical Security

Morphean | Benefits of hosted security for a changing world

Cato Networks expands SASE presence new Point of Presence (PoP) in Copenhagen 
PRESS RELEASE

Cato Networks expands SASE presence new Point of Presence (PoP) in Copenhagen 

NCSC urges organisations to prepare for the long haul on Russia-Ukraine
Cyber Security

NCSC urges organisations to prepare for the long haul on Russia-Ukraine

Opinion | Channel 4’s The Undeclared War: Cyber Fact or TV Fiction?
Cyber Security

Opinion | Channel 4’s The Undeclared War: Cyber Fact or TV Fiction?

Optex opens new headquarters in the Netherlands
Business News

Optex opens new headquarters in the Netherlands

Load More

The Tannery, 3a John Street, Tunbridge Wells,
Kent TN4 9RU
All enquiries: +44 (0)1892 525141

  • Home
  • Advertising
  • About
  • Webinars
  • Social Wall
  • Contact Us
No Result
View All Result
  • Login
  • Sign Up
  • Cart
  • Home
  • Why Advertise
  • Create Your Campaign
  • About Security on Screen
    • Privacy Policy
  • Webinars
  • Social Wall
  • Contact Us
  • Business News
    • New Technology
    • Opinion
    • People
    • Education & Events
  • Product Groups
    • Access Control
    • Biometrics
    • Cyber Security
    • Physical Security
    • Smart City
    • Surveillance
    • Systems Integration
  • Industry Sectors
    • Banking
    • Casinos
    • City Surveillance
    • Data Centres
    • Government
    • Healthcare
    • Leisure
    • Manufacturing
    • Retail
    • Schools and Campus Security
    • Transport
    • Utilities

© 2020 SecurityOnScreen.com

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.