Vulnerabilities in Schneider Electric industrial devices

Schneider Electric has reported new vulnerabilities in its industrial devices. Specifically, security flaws have been identified in the company’s PowerLogic PM5560 and Modicon M221 devices.

A critical XSS vulnerability has been identified in PowerLogic PM5560 power meters with firmware versions prior to Version 2.5.4. The vulnerability is due to improper neutralization of input during web page generation. Its successful exploitation could allow user input to be manipulated, allowing for remote execution of Java script code.

To fix this vulnerability, installing a firmware update developed by the vendor is recommended.

The Modicon M221 logic controller is affected by four vulnerabilities, three of which have high severity ratings.

CVE-2018-7791 and CVE-2018-7792 are vulnerabilities that have to do with permissions, privileges, and access control. They could allow unauthorized users to decode the password using a rainbow table or overwrite it. Another flaw, CVE-2018-7790, allows unauthorized users to replay authentication sequences. Successful exploitation of any one of these three vulnerabilities allows an attacker to connect to the Modicon M221 PLC and upload the original program from the device.

The least severe of the four newly identified vulnerabilities, CVE-2018-7789, is improper check for unusual or exceptional conditions, which could allow an unauthorized user to remotely reboot the device using specially crafted programming protocol frames.

The above vulnerabilities affect Modicon M221 controllers with firmware prior to Version 1.6.2.0. The vendor has made available an update which fixes the newly identified issues.

Source: ICS-CERT