Researchers at Claroty have found out new details on authentication and encryption vulnerabilities in Schneider Electric programmable logic controllers (PLCs). If exploited, these vulnerabilities could allow an attacker to exfiltrate data, modify code, and execute commands on operational technology (OT) and critical infrastructure systems.
In June, Claroty disclosed details on four vulnerabilities in Schneider Electric’s Modicon M221 programmable logic controller (PLC) and EcoStruxure Machine Expert Basic. The vulnerabilities could allow an advanced attacker to bypass authentication on these devices, break the encryption securing data transfers, modify code, and run commands. In all cases an attacker would have to establish a connection on the OT network and monitor data flowing between devices before exploiting weak encryption implementations to crack device authentication.
The Modicon series of PLCs was initially brought to market in the late 1960s, long before IT/OT convergence and a general understanding of the need for OT security. Mitigations for the four vulnerabilities included in this release are available from Schneider, and include a recommendation to set up network segmentation, to implement a firewall to block unauthorized access to TCP port 502, and to disable unused protocols within the Modicon M221 application.