Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities
A vulnerability in Schneider Electric computer control systems popular in heating, air conditioning and other building systems could allow hackers to take control of them, researchers at security firm Armis warn. The remote code execution vulnerability puts millions of devices at risk, Armis said in a report out Tuesday. The affected Modicon programmable logic controllers (PLCs) are also used widely in manufacturing, automation applications and energy utilities. The vulnerability could be used to deploy a variety of attacks, from launching ransomware to altering the commands to machinery. “It’s a very wide range,” said Ben Seri, vice president of research at Armis. “It does reach on one end nation-states and sophisticated attacks in that type of scale, but it can also just be the next logical steps for ransomware attackers.” The vulnerability would allow attackers to hijack a command that would leak a password hash from the device’s memory. Once they have […]
The post Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities appeared first on CyberScoop.