Unpatched RCE Bug Allows Ind & Utility Takeovers

By   ISBuzz Team
Writer , Information Security Buzz | Jul 15, 2021 05:12 am PST

BACKGROUND:

A new vulnerability applies to a family of Schneider Electric programmable logic controllers (PLCs) widely used in manufacturing and commercial controllers.  In a report released Tuesday, researchers at Armis dubbed the vulnerability “ModiPwn” because it takes advantage of undocumented commands in the Schneider Modicon device code of the M340, M580 and other models in the Modicon series of controllersNo Simple Patch Available: Schneider has released a set of mitigations for the bug but no one patch is available.