Several programmable logic controllers (PLCs) from Schneider Electric’s Modicon series that automate industrial processes in factories, energy utilities, HVAC systems and other installations are impacted by a flaw that could allow hackers to bypass their authentication mechanism and execute malicious code. According to researchers from security firm Armis, who found and reported the vulnerability, attackers with network access to impacted controllers could exploit the issue to install malware that alters the operation of the controllers and hides those malicious changes from the workstations and operators managing them.

Attacks against industrial controllers have been observed in the wild before: with Stuxnet, the cyber-sabotage worm that infected Siemens PLCs used to control uranium enrichment centrifuges at Iran’s Natanz nuclear plant, and with Triton, the malware that targeted Triconex safety controllers at a petrochemical plant in Saudi Arabia.

