Several programmable logic controllers (PLCs) from Schneider Electric’s Modicon series that automate industrial processes in factories, energy utilities, HVAC systems and other installations are impacted by a flaw that could allow hackers to bypass their authentication mechanism and execute malicious code. According to researchers from security firm Armis, who found and reported the vulnerability, attackers with network access to impacted controllers could exploit the issue to install malware that alters the operation of the controllers and hides those malicious changes from the workstations and operators managing them.
[ Learn what you need to know about defending critical infrastructure . | Get the latest from CSO by signing up for our newsletters. ]Attacks against industrial controllers have been observed in the wild in the past with Stuxnet, the cyber-sabotage worm that infected Siemens PLCs used to control uranium enrichment centrifuges at Iran's Natanz nuclear plant, and with Triton, the malware that targeted Triconex safety controllers at a petrochemical plant in Saudi Arabia.
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
