New Modicon PLC vulnerabilities uncovered by researchers

February 27, 2023 - TuxCare PR Team

Forescout researchers discovered two new vulnerabilities in Schneider Electric’s Modicon programmable logic controllers (PLCs), which could allow for authentication bypass and remote code execution.

The flaws, identified as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are part of a larger collection of security flaws identified as OT:ICEFALL by Forescout. An adversary who successfully exploits the bugs may be able to execute unauthorized code, cause a denial of service, or disclose sensitive information.

Unauthenticated remote code execution, a weak password vulnerability, and a file upload vulnerability are among the flaws. The researchers used these flaws to move laterally through the ICS network, compromise additional PLCs, and eventually cause physical damage to equipment.

The vulnerabilities affect several Modicon PLC models, including the M221, M221 Book, M241, and M251. The flaws are especially concerning because they can be exploited without authentication, which means an attacker does not need a username or password to exploit them.

An attacker begins the attack by exploiting a vulnerability in a Wago coupler in order to communicate with a Modicon PLC. The attacker then bypasses the UMAS service authentication on the PLC and achieves remote code execution on the PLC in an attempt to gain access to the internals of the bridge control system.

The hacker can then manipulate field devices connected to the controller. Before attempting to cause physical harm, the threat actor takes advantage of a remote code execution vulnerability in an Allen-Bradley safety controller designed to prevent accidents. The attack method is covert, allowing the hacker to engage in a variety of malicious activities without drawing suspicion.
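
A defender's check for the lateral-movement step described above, as an added example that is not from the article or from Forescout: it flags UMAS requests (carried in Modbus function code 0x5A over Modbus/TCP port 502) sent to a PLC by any host outside an allowlist of engineering workstations. The addresses, the allowlist, the helper names and the sample packets are constructed assumptions.

```python
import struct

MODBUS_TCP_PORT = 502
UMAS_FUNCTION_CODE = 0x5A  # Modbus function code 90, used to carry UMAS
# Assumption: the only hosts expected to speak UMAS to PLCs (constructed address).
ENGINEERING_WORKSTATIONS = {"10.0.10.5"}


def parse_modbus_tcp(payload):
    """Parse one Modbus/TCP ADU; return None if it is truncated or malformed."""
    if len(payload) < 8:  # 7-byte MBAP header plus at least a function code
        return None
    tid, protocol_id, length, unit_id = struct.unpack(">HHHB", payload[:7])
    # Protocol id is 0 for Modbus; length counts the unit id plus the PDU.
    if protocol_id != 0 or length < 2 or len(payload) < 6 + length:
        return None
    pdu = payload[7:6 + length]
    return {"tid": tid, "unit_id": unit_id, "function_code": pdu[0], "data": pdu[1:]}


def flag_unexpected_umas(packets, allowlist=ENGINEERING_WORKSTATIONS):
    """Return (src, dst) for UMAS requests sent by hosts outside the allowlist."""
    alerts = []
    for src, dst, dport, payload in packets:
        if dport != MODBUS_TCP_PORT:  # only client-to-PLC requests
            continue
        adu = parse_modbus_tcp(payload)
        if adu and adu["function_code"] == UMAS_FUNCTION_CODE and src not in allowlist:
            alerts.append((src, dst))
    return alerts


def build_adu(tid, unit_id, function_code, data=b""):
    """Build a constructed test frame (MBAP header + PDU)."""
    pdu = bytes([function_code]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


# Constructed sample traffic: (source, destination, destination port, TCP payload).
SAMPLE_PACKETS = [
    ("10.0.10.5", "10.0.20.11", 502, build_adu(1, 0, 0x5A, b"\x00\x00")),   # workstation
    ("10.0.20.40", "10.0.20.11", 502, build_adu(2, 0, 0x5A, b"\x00\x00")),  # field device
    ("10.0.20.40", "10.0.20.11", 502, build_adu(3, 1, 0x03, b"\x00\x00\x00\x02")),  # plain read
    ("10.0.20.11", "10.0.10.5", 49152, build_adu(1, 0, 0x5A, b"\x00\x00")),  # PLC reply
    ("10.0.20.40", "10.0.20.11", 502, b"\x00\x01\x00"),                     # truncated
]

if __name__ == "__main__":
    for src, dst in flag_unexpected_umas(SAMPLE_PACKETS):
        print(f"ALERT: UMAS request from unexpected host {src} to PLC {dst}")
```

Ordinary Modbus reads from the same field device are not flagged; only the UMAS function code from a non-allowlisted source is.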

Schneider had asked the researchers not to include the two bugs on the ICEFALL list so that the company could work with customers to resolve the issues before they were made public. The two flaws, CVE-2022-45788 and CVE-2022-45789, affect Schneider’s Modicon Unity line of programmable logic controllers (PLCs).

Schneider Electric has since acknowledged the vulnerabilities and stated that patches to address them have been released.

The sources for this piece include an article in TheHackerNews.
