• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
researchers warn of critical security bugs in schneider electric modicon

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

You are here: Home / General Cyber Security News / Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
February 16, 2023

Security researchers have disclosed two new vulnerabilities affecting Schneider Electric powered Modicon programmable logic controllers (PLCs) that could allow for for authentication bypass and remote code execution.

The flaws, tracked as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are part of a broader assortment of security defects tracked by Forescout as OT:ICEFALL.

Prosperous exploitation of the bugs could enable an adversary to execute unauthorized code, denial-of-services, or disclosure of sensitive facts.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The cybersecurity enterprise reported the shortcomings can be chained by a menace actor with known flaws from other vendors (e.g., CVE-2021-31886) to attain deep lateral motion in operational technology (OT) networks.

plc scada vulnerability

“Deep lateral movement lets attackers gain deep access to industrial manage programs and cross usually missed security perimeters, allowing them to complete very granular and stealthy manipulations as well as override useful and safety restrictions,” Forescout claimed.

A remarkably intricate proof-of-notion (PoC) cyber-physical attack devised by the San Jose-dependent business observed that the flaws could be weaponized to bypass safety guardrails and inflict injury upon a movable bridge infrastructure.

With menace actors concocting innovative malware to disrupt industrial management techniques, the deep lateral movement afforded by these flaws could allow adversaries to use an “uninteresting machine as a staging point for shifting in direction of much more interesting targets.”

The conclusions appear close on the heels of 38 security flaws that have been exposed in wi-fi industrial internet of issues (IIoT) equipment and which could grant an attacker a direct line of access to OT networks, in accordance to cybersecurity organization Otorio.

Taken together, the weaknesses also underscore the serious threats to bodily functions from IoT products, cloud-based mostly administration platforms, and nested OT networks.

Discovered this posting interesting? Adhere to us on Twitter  and LinkedIn to go through a lot more exceptional articles we post.


Some sections of this short article are sourced from:
thehackernews.com

Previous Post: «gatewatcher to begin “aggressive” uk channel partner recruitment drive Gatewatcher to begin “aggressive” UK channel partner recruitment drive
Next Post: Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps hackers using google ads to spread fatalrat malware disguised as»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
  • Top 10 Best Practices for Effective Data Protection
  • Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
  • Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
  • [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
  • Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
  • Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
  • Pen Testing for Compliance Only? It’s Time to Change Your Approach
  • 5 BCDR Essentials for Effective Ransomware Defense
  • Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Copyright © TheCyberSecurity.News, All Rights Reserved.