It has been confirmed that Schneider Electric’s Modicon PLC has a vulnerability that lets an attacker bypass security and take control of the device.
According to security company Armis, the newly discovered vulnerability, CVE-2021-22779, targets flaws in the patches for DDoS attacks that Schneider Electric released as partial fixes in 2018 and 2019. After gaining network access to a Modicon PLC, an attacker can bypass authentication and achieve remote code execution by obtaining a specific hash from the device memory through a protocol called Schneider Electric UMAS.
Armis has been working with Schneider Electric to respond to the vulnerability since November 2020, and discovered this vulnerability in the process. Armis said that fixing fundamental design flaws between Modicon and UMAS could take time, which could lead to new vulnerabilities in the future. Armis also expressed a willingness to continue working with Schneider Electric to solve the problems.
Schneider Electric will release the patch by the end of 2021, and has also published information on the models affected by the vulnerability and guidelines for mitigating potential impacts. The company says it will work with independent security research organizations to help protect users from vulnerabilities. Related information can be found here.