Unpatched RCE Bug Allows Ind & Utility Takeovers

BACKGROUND:

A new vulnerability applies to a family of Schneider Electric programmable logic controllers (PLCs) widely used in manufacturing and commercial controllers.  In a report released Tuesday, researchers at Armis dubbed the vulnerability “ModiPwn” because it takes advantage of undocumented commands in the Schneider Modicon device code of the M340, M580 and other models in the Modicon series of controllersNo Simple Patch Available: Schneider has released a set of mitigations for the bug but no one patch is available. 

Experts Comments

July 15, 2021
Ron Bradley
VP
Shared Assessments

The Schneider critical RCE vulnerability should come as a stark reminder for those reliant on Industrial Control Systems (ICS) to ensure they are following best practices starting with the physical and/or firewall hardened segmentation between OT and business networks.  Having a thoroughly documented asset inventory is an absolute must when it comes to preparing for and responding this type of event.

Policies and standards should be developed on the guidance laid out in IEC62443. Regular

.....Read More

The Schneider critical RCE vulnerability should come as a stark reminder for those reliant on Industrial Control Systems (ICS) to ensure they are following best practices starting with the physical and/or firewall hardened segmentation between OT and business networks.  Having a thoroughly documented asset inventory is an absolute must when it comes to preparing for and responding this type of event.

Policies and standards should be developed on the guidance laid out in IEC62443. Regular testing and on-going monitoring of OT networks is imperative.  Finally, a comprehensive incident response plan can mean the difference between a disaster or a drill.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.