"Encryption Vulnerabilities Allow Hackers to Take Control of Schneider Electric PLCs"
Schneider Electric has released advisories about four vulnerabilities found in Modicon M221 Programmable Logic Controllers (PLCs). These vulnerabilities were discovered by researchers at Claroty and Trustwave. According to blog posts published by the cybersecurity firms, three of the security holes are rated high in severity and are associated with encryption and authentication. The exploitation of the vulnerabilities requires the attacker to have already established a foothold on the Operational Technology (OT) network. The circumvention of authentication protections and manipulation of the PLC can allow attackers to take over PLC actions, potentially resulting in control system failures or the compromise of systems' safety. This article continues to discuss the vulnerabilities discovered in Schneider Electric PLCs regarding their exploitation and potential impact.