Schneider Electric PLC Cyber Alert: 5 Ways to Protect Your Organization

Cybersecurity researchers identified a troubling vulnerability in Schneider Electric Modicon PLCs that could be used to bypass normal authentication safeguards and wreak havoc on one of the most common PLC device brands in IoT.

 
At greatest risk are companies that have unwittingly allowed one of these vulnerable PLCs to be connected to the internet.

A cybercriminal who finds one and takes control could launch a ransomware attack, steal sensitive data, shut down HVAC systems, deactivate lights, disable emergency back-up systems and more.

A cursory search on Shodan, the search engine for internet-connected devices, turned up 92 examples globally and 12 in the U.S. of vulnerable, internet-connected Schneider Electric Modicon PLCs.

And that was just one vulnerable PLC model.

Schneider says a total of six PLC models have the vulnerability, and a patch isn't expected until Q4 2021. In less than 30 minutes, a search on Shodan revealed a vulnerable Schneider Electric PLC connected to the internet at an organization in Pittsburgh that has assets worth millions of dollars. This is just one example.

"Bad actors are looking for low-hanging fruit like this when a security advisory comes out because they know that some companies either aren't aware of the vulnerability or won't move quickly enough to eliminate risks."

Scott Christensen, GrayMatter Cybersecurity Practice Director

Industrial organizations that follow best practices in cybersecurity — such as ensuring no PLCs are connected to the internet — are in a much better position to deal with unpatched threats like this one.

No organization is perfect, and many might not know their level of exposure to this type of risk. That's where third parties like GrayMatter can help by conducting comprehensive cybersecurity assessments of an organization's IoT assets.

 
Answer each of the following questions Yes, No or I'm not sure:

1. Are any PLCs on the network connected to the internet?
2. Do I have an accurate map and inventory of my network's connected assets?
3. Does my team have real-time visibility of internet-facing assets to detect anomalies quickly?
4. Have I implemented zero-trust architecture?
5. Do I have a strategy to back up and implement security patches?
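As an added example (not code from GrayMatter or Schneider Electric), the following Python script answers the first two checklist questions from an asset inventory and a firewall port-forwarding table. Both inputs are constructed sample data in hypothetical formats: a CSV inventory with the columns name,ip,type,ports and a forwarding table written as public_ip:port -> private_ip:port. A PLC is flagged when it carries a non-RFC 1918 address or when one of its listening ports is forwarded from a public address.

```python
"""Added example, not GrayMatter's or Schneider Electric's code: find PLCs in
an asset inventory that are reachable from the internet.

Assumed (hypothetical) inputs: a CSV-style inventory with the columns
name,ip,type,ports and a NAT/port-forwarding table written as
public_ip:port -> private_ip:port. Both samples below are constructed.
"""
import ipaddress

# Constructed sample inventory (name,ip,type,ports; several ports joined by '/').
INVENTORY = """\
name,ip,type,ports
plc-line1,10.20.5.11,plc,502
plc-line2,203.0.113.45,plc,502
hmi-line1,10.20.5.20,hmi,80
plc-boiler,192.168.7.30,plc,502/44818
"""

# Constructed sample port-forwarding table (public -> private).
NAT_RULES = """\
198.51.100.7:502 -> 10.20.5.11:502
198.51.100.7:443 -> 10.20.9.2:443
"""

# RFC 1918 ranges. Anything outside them is treated as routable from the
# internet. ipaddress.is_private is deliberately not used, because it also
# returns True for documentation ranges such as 203.0.113.0/24.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_inventory(text: str) -> list[dict]:
    """Parse the header-prefixed CSV into dicts; 'ports' becomes a list of ints."""
    lines = [l for l in text.strip().splitlines() if l.strip()]
    header = lines[0].split(",")
    assets = []
    for line in lines[1:]:
        row = dict(zip(header, line.split(",")))
        row["ports"] = [int(p) for p in row["ports"].split("/") if p]
        assets.append(row)
    return assets


def parse_nat(text: str) -> dict[tuple[str, int], tuple[str, int]]:
    """Map (private_ip, private_port) -> (public_ip, public_port)."""
    forwards = {}
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        public, private = [s.strip() for s in line.split("->")]
        pub_ip, pub_port = public.rsplit(":", 1)
        priv_ip, priv_port = private.rsplit(":", 1)
        forwards[(priv_ip, int(priv_port))] = (pub_ip, int(pub_port))
    return forwards


def internet_exposed_plcs(inventory_text: str, nat_text: str) -> list[dict]:
    """Return PLCs that are directly routable or reachable through a forward."""
    forwards = parse_nat(nat_text)
    findings = []
    for asset in parse_inventory(inventory_text):
        if asset["type"] != "plc":
            continue
        if not is_rfc1918(asset["ip"]):
            findings.append({"name": asset["name"], "ip": asset["ip"],
                             "reason": "non-RFC1918 address on a PLC"})
            continue
        for port in asset["ports"]:
            hit = forwards.get((asset["ip"], port))
            if hit:
                findings.append({"name": asset["name"], "ip": asset["ip"],
                                 "reason": f"port {port} forwarded from {hit[0]}:{hit[1]}"})
    return findings


if __name__ == "__main__":
    for f in internet_exposed_plcs(INVENTORY, NAT_RULES):
        print(f"{f['name']} ({f['ip']}): {f['reason']}")
```

On the constructed data the script reports plc-line1 (its Modbus port 502 is forwarded from a public address) and plc-line2 (a routable address assigned directly to the PLC), while plc-boiler sits on a private range with no forwarding rule and is not reported. The check is only as good as the inventory and firewall export it is fed, which is why the second checklist question matters.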