Thursday, January 16, 2020

1 Advisory Published – 1-16-20


Today the CISA NCCIC-ICS published one control system security advisory for products from Schneider Electric.

Schneider Advisory

This advisory describes three separate "improper check for unusual or exceptional conditions" vulnerabilities in the Schneider Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium Controllers. The vulnerabilities were reported by Younes Dragoni of Nozomi Networks. Schneider has new firmware versions that mitigate the vulnerabilities.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to cause a denial-of-service condition.

NOTE: I briefly discussed the Schneider advisory for these three vulnerabilities back on December 14th, 2019. That advisory also credited Chansim Deng, Mengmeng Young and Gideon Guo for reporting these vulnerabilities.

Other Schneider Advisories


As I mentioned earlier this week, Schneider dropped one new advisory and two updates on Tuesday. I will be covering those this weekend. It looks like Schneider has joined Microsoft and Siemens in making the second Tuesday of the month ‘cybersecurity day’; no official declaration like Siemens did, but three months in a row kind of makes it a thing.
