Researchers at Armis discovered an authentication bypass vulnerability (CVE-2021-22779) in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can lead to remote-code-execution (RCE). Modicon M580 The vulnerability, dubbed ModiPwn, allows for a complete takeover of impacted devices by leveraging the UMAS protocol, and impacts Modicon M340, M580 and other models from the Modicon series. Millions of these PLCs and are now deemed to be at risk in what is considered to be a widescale vulnerability. … More
The post Critical vulnerability in Schneider Electric Modicon PLCs can lead to RCE (CVE-2021-22779) appeared first on Help Net Security.