Jul 14, 2021
Unpatched Critical RCE Bug Allows Industrial, Utility Takeovers
Posted by Genevieve Klien in category: robotics/AI
The ‘ModiPwn’ bug lays open production lines, sensors, conveyor belts, elevators, HVACs and more that use Schneider Electric PLCs.
A critical remote code-execution (RCE) vulnerability in Schneider Electric programmable logic controllers (PLCs) has come to light, which allows unauthenticated cyberattackers to gain root-level control over PLCs used in manufacturing, building automation, healthcare and enterprise environments.
If exploited, attackers could impact production lines, sensors and conveyor belts in factory settings, according to the researchers at Armis who discovered the bug – as well as affect devices familiar to the everyday consumer, such as elevators, HVACs and other automated devices.