Today the CISA NCCIC-ICS published one control system
security advisory for products from Schneider Electric.
Schneider Advisory
This advisory describes three separate improper check for unusual or exceptional conditions vulnerabilities
in the Schneider Modicon M580, Modicon M340, Modicon Quantum, and Modicon
Premium Controllers. The vulnerabilities were reported by Younes Dragoni of
Nozomi Networks. Schneider has new firmware versions that mitigate the
vulnerabilities.
NCCIC-ICS reports that a relatively low-skilled attacker could
remotely exploit these vulnerabilities to cause a denial-of-service condition.
NOTE: I briefly discussed the Schneider advisory for these three vulnerabilities back on
December 14th, 2019. That advisory also credited Chansim Deng,
Mengmeng Young and Gideon Guo for reporting these vulnerabilities.
Other Schneider Advisories
As I mentioned earlier this week, Schneider dropped one new
advisory and two updates on Tuesday. I will be covering those this weekend. It
looks like Schneider has joined Microsoft and Siemens in making the second
Tuesday of the month ‘cybersecurity day’; no official declaration like Siemens
did, but three months in a row kind of makes it a thing.