Schneider Electric patches vulns after Trustwave raises alarm
Two Schneider Electric SCADA products had vulnerabilities similar to the ones exploited in the Iran-bothering Stuxnet worm, an infosec outfit has claimed.
The vulns, uncovered by Trustwave and since patched, could be abused by a malicious person to interact with the SoMachine Basic v1.6 engineering software and the M221 programmable logic controller (PLC) to cause mischief or disrupt operations.
To exploit one of the flaws, you need to be able to reach the PLC via Modbus TCP/IP, and for the other, you need access to the Windows computer running SoMachine. That means you'll in all likelihood need to have compromised and infiltrated the plant, factory, or lab you wish to harm before you can get to work.
“The impact is that a malicious actor can start and stop the PLC remotely without au ..
Support the originator by clicking the read the rest link below.
