430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Security flaws in Schneider Electric PLCs allow full take over

Schneider Electric released advisories for multiple flaws, including issues that can allow taking control of Modicon M221 PLCs. Schneider Electric released security advisories for multiple vulnerabilities impacting various products, including four issues that can be exploited by attackers to take control of Modicon M221 programmable logic controllers (PLCs). Four encryption and authentication issues in Modicon […]

Schneider Electric U.motion Builder

Schneider Electric released advisories for multiple flaws, including issues that can allow taking control of Modicon M221 PLCs.

Schneider Electric released security advisories for multiple vulnerabilities impacting various products, including four issues that can be exploited by attackers to take control of Modicon M221 programmable logic controllers (PLCs).

Four encryption and authentication issues in Modicon M221 PLCs were reported by Trustwave, three of which have been independently found by the security firm Claroty.

“Schneider Electric is aware of multiple vulnerabilities in its Modicon M221 product. The Modicon M221 is a Nano Programmable Logic Controller (PLC) made to control basic automation for machines. The M221 is configured using Machine Expert – Basic software.” Reads the advisory published by Schneider Electric. “Failure to apply the mitigations provided below may allow unauthorized users to replay authentication sequences, which could result in an attacker taking control over the PLC.”

The flaws in the PLCs are:

  • CVE-2020-7565 – A high-severity issue described as an inadequate encryption strength flaw that could be exploited to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller.
  • CVE-2020-7566 – A high-severity issue described as small space of random values vulnerability that could be exploited to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller.
  • CVE-2020-7567 – A high-severity issue described as missing encryption of sensitive data vulnerability that could be exploited to find the password hash when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller and broke the encryption keys.
  • CVE-2020-7568 – A low-severity issue described as an exposure of sensitive information to an unauthorized actor vulnerability that can be exploited to disclose non-sensitive information when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller.

According to the analysis published by Claroty the flaw could be triggered by an attacker with a foothold on the OT network.

“The vulnerabilities reported to Schneider on June 10 can only be exploited by an attacker who already has a foothold on an OT network or ICS device.” states the analysis published by Claroty.For example, an attacker could capture network traffic between the Modicon M221 PLC and the EcoStruxure Machine Expert Basic software that includes upload and download data or successful authentication attempts. This data is encrypted using a 4-byte XOR key, which is a weak encryption method.”

The vendor provided the following mitigations to reduce the risk of exploit:

  • Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP.
  • Within the Modicon M221 application, the user must:
    • Disable all unused protocols, especially Programming protocol, as described in section “Configuring Ethernet Network” of EcoStruxure Machine Expert – Basic online help for the M221 PLC. This action will prevent unintended remote programming access.
    • Set a password to protect the project
    • Set a password for read access on the controller
    • Set a different password for write access on the controller

The advisory also includes General Security Recommendations for the above vulnerabilities.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Schneider Electric)

[adrotate banner=”5″]

[adrotate banner=”13″]