29 March 2018
Multiple vulnerabilities identified in the Modicon family of industrial controllers
US CERT has published an advisory on vulnerabilities in the Modicon family of industrial controllers by Schneider Electric. Successful exploitation of these vulnerabilities could provide remote unauthorized attackers with access to the file transfer service on vulnerable devices, enabling them to execute arbitrary code or install malicious firmware.
The vulnerabilities identified affect the following Modicon PLC models:
- Modicon Premium;
- Modicon Quantum;
- Modicon M340;
- Modicon X80 RTU (BMXNOR0200H).
According to a security notification by Schneider Electric, the security issues identified are associated with three vulnerabilities in embedded FTP servers:
- Unlimited length of a command parameter, which may cause a buffer overflow condition (CVE-2018-7240). This vulnerability affects only Modicon Quantum PLCs;
- Hardcoded accounts (CVE-2018-7241), which can be used for unauthorized access;
- The use of hash algorithms that are vulnerable to collision search attacks (CVE-2018-7242).
To minimize the risk associated with possible exploitation of the vulnerabilities, Schneider Electric recommends that access to Modicon PLCs be restricted using a firewall and that the FTP service be enabled only when necessary (the FTP service is disabled by default).
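The unbounded command parameter behind CVE-2018-7240 is a general bug class in FTP command handling. The sketch below is an added illustration and not code from the Modicon firmware or from Schneider Electric: it validates every length before copying anything. The function name, the struct and the size caps are assumptions chosen for the example.

```c
#include <stddef.h>
#include <string.h>

#define FTP_LINE_MAX 512   /* assumed cap on a whole command line */
#define FTP_VERB_MAX 4     /* FTP verbs are 3 or 4 letters */
#define FTP_ARG_MAX  255   /* assumed cap on the command parameter */

struct ftp_cmd {
    char verb[FTP_VERB_MAX + 1];
    char arg[FTP_ARG_MAX + 1];
};

/* Parse "VERB[ SP arg]CRLF" from a received buffer of known length.
 * Returns 0 on success, -1 if the line is malformed or a field exceeds
 * its cap. Nothing is copied until all lengths are validated, so an
 * over-long parameter is rejected instead of overrunning arg[]. */
int ftp_parse(const char *line, size_t len, struct ftp_cmd *out)
{
    if (len < 2 || len > FTP_LINE_MAX)
        return -1;
    if (line[len - 2] != '\r' || line[len - 1] != '\n')
        return -1;
    len -= 2;                                   /* drop the CRLF */

    /* Embedded NUL, CR or LF would desynchronise later string handling. */
    if (memchr(line, '\0', len) || memchr(line, '\r', len) ||
        memchr(line, '\n', len))
        return -1;

    const char *sp = memchr(line, ' ', len);
    size_t vlen = sp ? (size_t)(sp - line) : len;
    size_t alen = sp ? len - vlen - 1 : 0;
    if (vlen == 0 || vlen > FTP_VERB_MAX || alen > FTP_ARG_MAX)
        return -1;

    memcpy(out->verb, line, vlen);
    out->verb[vlen] = '\0';
    if (alen)
        memcpy(out->arg, sp + 1, alen);
    out->arg[alen] = '\0';
    return 0;
}
```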