Today the DHS ICS-CERT published a control system security advisory for Schneider Modicon PLCs. The advisory describes two vulnerabilities that were reported by Eran Goldstein of CRITIFENCE. These are not the vulnerabilities that I briefly described on Saturday. Schneider has developed compensating controls to mitigate the vulnerabilities. There is no indication that Goldstein was provided the opportunity to verify the efficacy of the fix. There are no indications that Schneider intends to produce a more permanent fix for these vulnerabilities.
The two reported vulnerabilities are:
• Authentication Bypass by Capture-Replay - CVE-2017-6034; and
• Violation of Secure Design Principles - CVE-2017-6032
ICS-CERT reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to capture and replay sensitive commands to PLCs on a network using the Modicon Modbus protocol.
The Schneider security notification also mentions that the SCADA/ICS Cyber Threats Research Group contributed to the identification of these vulnerabilities.