SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
2 Nov 2016

Major vulnerability found in Schneider Electric Unity Pro

Schneider Electric is grappling with a critical vulnerability found in its flagship industrial controller management software called Unity Pro that allows hackers to remotely execute code on industrial networks.

The warning comes from Indegy, an industrial cybersecurity firm. Indegy discovered the vulnerability and issued a report on the flaw Tuesday. Mille Gandelsman, CTO of Indegy, called the vulnerability a “major concern” and urged anyone running Unity Pro software to update to the latest version.

Unity Pro, which runs on Windows-based PCs, is used for managing and programming millions of industrial controllers around the world. “If the IP address of the Windows PC running the Unity Pro software is accessible to the internet, then anyone can exploit the software and run code on hardware,” Gandelsman said. “This is the crown jewel of access. An attacker can do anything they want with the controllers themselves.” The flaw resides in a component of Unity Pro software named Unity Pro PLC Simulator, used to test industrial controllers, according to Indegy.

“This is what an attacker would want to have access to in order to impact the actual production process within an ICS physical environment. That includes the valves, turbines, centrifuges and smart meters,” Gandelsman said. “With this type of access, an attacker can use it to change the recipe to drugs being manufactured by industrial control systems or turn off the power grid of a city.”

Gandelsman, who presented his research at the 2016 Industrial Control Systems Cyber Security Conference being held in Atlanta, Ga. this week, said that the vulnerability was discovered nearly six months ago and was privately disclosed to Schneider Electric at that time. Since the disclosure, Schneider Electric has patched the vulnerability. According to Indegy, the vulnerability is present in every control network that uses Schneider Electric controllers.

For its part, Schneider Electric on Oct. 14 acknowledged the flaw, issuing a “notification” to its customers. “The vulnerability is arbitrary code execution made possible by remotely downloading a patched project file to the Unity Simulator,” according to Schneider Electric. Indegy’s research ties the vulnerability to the fact that “Unity Pro allows any user to remotely execute code directly on any computer on which (the Unity Pro) product is installed, in debug privileges,” according to a brief report on the vulnerability posted by Indegy. “The vulnerability found affects all versions of this software, including the latest one,” according to Indegy.

However, Schneider Electric said its most recent version (11.1) of the Unity Pro software is not impacted. The vulnerability, Indegy points out, does not require a compromise of the controllers in an ICS network because the industrial controllers lack authentication and industrial communications protocols lack encryption. “Regardless of the SCADA/DCS applications in use, if Schneider Electric controllers are deployed, this software will be used on the engineering workstations. This makes this attack relevant across virtually any process controlled by these PLCs,” Indegy said.

According to Schneider Electric’s description of the vulnerability, the flaw is tied to when a Unity project is compiled as x86 instructions and loaded onto the programmable logic controller (PLC) simulator. “It is possible to make the simulator execute malicious code by redirecting the control flow of these instructions: By implanting shellcode in free space of a Unity Pro project, then download and execute the patched project to the simulator.”

Asked if this vulnerability has been publicly exploited, Gandelsman said, “I cannot address that. This is a vulnerability we detected. That is all I can say.” Schneider Electric did not respond to requests for comment. “This flaw is as bad as it gets,” Gandelsman said. Last year, Schneider Electric reported a number of vulnerabilities affecting the modules that support the company’s Factory Cast Modbus feature.

Another Schneider Electric bug identified last year was tied to a series of vulnerabilities related to credential and authentication verification in two of Schneider Electric’s HMI products that could have allowed an attacker to run arbitrary code. In a report released in September by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), officials conclude that nagging issues continue to plague industrial control systems (ICS) and SCADA systems.

It found that a dearth of access controls limiting unauthorized access, poor software code quality, and the weakening or absence of cryptographic security for protecting data and network communications were still not being adequately addressed by the industry.

Tags: information leaks
Source: Threatpost