Airbus researcher explores ‘Stuxnet-type attack’ for security training

Stuxnet, the potent malware reportedly deployed by the U.S. and Israel to disrupt an Iranian nuclear facility a decade ago, helped change the way that many energy-infrastructure operators think about cybersecurity. The computer worm drove home the idea that well-resourced hackers could sabotage industrial plant operations, and it marked a new era of state-sponsored cyber-operations against critical infrastructure. Years later, industrial cybersecurity experts are still learning from the destructive potential of Stuxnet’s code and how it was deployed. While Stuxnet was an extraordinary situation — an intensive operation designed to hinder Iran’s nuclear program — it holds lessons for the wider world in securing industrial equipment that moves machinery. In a new study to improve security, a researcher at the cybersecurity subsidiary of European planemaker Airbus describes how he designed a program to execute code in a “Stuxnet-type attack” on a programmable logic controller (PLC), the ruggedized computers that monitor and control industrial systems like pumps, circuit […]

The post Airbus researcher explores ‘Stuxnet-type attack’ for security training appeared first on CyberScoop.


Urgent11 flaws affect more medical, industrial devices than previously thought

When, in late July, Armis researchers revealed the existence of the so-called Urgent11 vulnerabilities in Wind River’s VxWorks real-time operating system, they noted that RTOS offerings by other vendors may also be vulnerable. As it turns out, th…

Schneider Electric partners with Vericlave to protect customers’ critical IT and OT systems

Schneider Electric, the leader in the digital transformation of energy management and automation, partners with Vericlave, a leading cybersecurity technology provider. Under the terms of the agreement, Schneider Electric will provide Vericlave’s …

Schneider Electric’s car charging stations get crucial patches

Schneider Electric recently patched three security flaws in a popular type of electric-car charger that it manufactures, vulnerability assessment company Positive Technologies said Monday. The most serious of the vulnerabilities in the EVlink charging stations involved hard-coded credentials, meaning the units were shipped with default passwords or security keys embedded in their firmware. If hackers discover such credentials in any type of device, they can use them to gain wide access to that device. Schneider and Positive Technologies labeled that flaw as “critical,” saying an intruder could halt the charging process and switch it into “reservation mode,” making a station unusable to anyone until the mode is turned off. Hackers could even control the socket locking hatch, letting them unlock and “walk away with the cable,” Positive Technologies said. A second vulnerability, rated as “high-risk,” allows an attacker to execute arbitrary commands on the station and gain maximum privileges. And another vulnerability labeled as “medium” risk would let an attacker bypass authorization and access a […]

The post Schneider Electric’s car charging stations get crucial patches appeared first on CyberScoop.


Russian Malware Was Apparently Used in an Attempt to Sabotage a Saudi Petrol Plant

Cybersecurity firm FireEye points the finger at the Russian government and a government-linked facility for creating a destructive malware.

Schneider Electric snafu shows the need to stay vigilant over supply chain

Energy-management software giant Schneider Electric has alerted customers that they may have received malware-laced USB drives in recent shipments of some of the company’s products. The USB drives contained product documentation and “non-essential software utilities” in support of Schneider Electric’s Conext Combox and Conext Battery Monitor solar-power-related products, the company said in a security advisory dated Aug. 24. Some USB drives shipped with the products “were contaminated with malware during manufacturing by one of our suppliers,” the advisory states. The USB drives do not contain operational software and the products’ operational security is therefore unaffected, according to Schneider Electric. “All major anti-malware” scanners can detect and block the malware, the company said. “Users are strongly encouraged to securely discard any USB removable media provided with these products,” the advisory says. “Users who believe they may have used one of the potentially-affected USB removable media are encouraged to perform a full scan […]

The post Schneider Electric snafu shows the need to stay vigilant over supply chain appeared first on CyberScoop.


Remotely exploitable flaw in Schneider Electric PLCs is a danger to OT networks

A vulnerability in the Schneider Electric Modicon M221, a programmable logic controller (PLC) deployed in commercial industrial facilities worldwide, can be exploited to remotely disconnect the device from communicating in the ICS network. Schneider …