23 November 2018
Critical vulnerability in Modicon M221 PLC
A critical vulnerability (CVE-2018-7798), which could lead to traffic interception, has been identified in Schneider Electric Modicon M221 PLCs. Successful exploitation of the vulnerability could allow attackers to modify an affected device’s IPv4 configuration, including its IP address, mask and gateway, when remotely connected to the device.
The issue, caused by an improper implementation of the network configuration module in the UMAS protocol, leads to insufficient verification of the authenticity of incoming data transferred over that protocol.
A CVSS v3 base score of 8.2 has been calculated for this vulnerability.
Schneider Electric has not yet released a firmware update for affected devices, but it has published recommendations to minimize the risk of this flaw being exploited. Specifically, the vendor recommends that owners of affected PLCs configure firewalls to block all remote/external access on port 502 of these devices and disable all unused network protocols, especially the programming protocol.
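One way to check that the port 502 restriction is actually holding is to audit firewall flow records for permitted connections to the PLCs from sources outside the engineering network. The script below is an added example, not code from Schneider Electric or from this advisory; the log format, the PLC addresses and the allowed subnet are all constructed assumptions.

```python
import ipaddress

BLOCKED_PORT = 502  # port named in the vendor recommendation

# Assumptions (constructed): PLC addresses and the only subnet that
# should be able to reach them on port 502.
PLC_ADDRESSES = {ipaddress.ip_address(a) for a in ("10.20.0.11", "10.20.0.12")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.1.0/28")]

# Constructed flow records: timestamp src sport dst dport proto action
SAMPLE_FLOWS = """\
2018-11-23T08:00:01Z 10.20.1.5 49152 10.20.0.11 502 tcp allow
2018-11-23T08:00:07Z 198.51.100.23 51544 10.20.0.11 502 tcp allow
2018-11-23T08:01:12Z 10.20.3.40 50211 10.20.0.12 502 tcp allow
2018-11-23T08:02:30Z 203.0.113.9 40022 10.20.0.12 502 tcp deny
2018-11-23T08:03:00Z 10.20.3.40 50300 10.20.0.12 80 tcp allow
malformed line
"""

def parse_flow(line):
    """Parse one record; return None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, src, _sport, dst, dport, _proto, action = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "dport": int(dport),
                "action": action.lower()}
    except ValueError:
        return None

def unexpected_port_502_flows(text):
    """Return (ts, src, dst) for allowed port-502 flows from non-approved sources."""
    findings = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["action"] != "allow":
            continue  # unparseable, or already blocked by the firewall
        if flow["dst"] not in PLC_ADDRESSES or flow["dport"] != BLOCKED_PORT:
            continue
        if any(flow["src"] in net for net in ALLOWED_SOURCES):
            continue
        findings.append((flow["ts"], str(flow["src"]), str(flow["dst"])))
    return findings

if __name__ == "__main__":
    for ts, src, dst in unexpected_port_502_flows(SAMPLE_FLOWS):
        print(f"{ts} unexpected port-502 access {src} -> {dst}")
```

Any finding means a firewall rule is still letting a non-approved source reach a PLC on port 502 and should be tightened.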