Submission: SCADA Systems Found to Have Numerous Built-In Flaws (threatpost.com)
Trailrunner7 writes: A long list of industrial-control modules manufactured by Schneider Electric and used to control operations at various industrial facilities contain multiple weaknesses and vulnerabilities that could allow an attacker to modify the firmware, log in remotely and run arbitrary code on the vulnerable components. Security researcher Ruben Santamarta discovered and disclosed the problems and the ICS-CERT is warning users about the issue, as well.
The devices in question are Ethernet modules that are designed to communicate with programmable logic controllers over a network. They're used in industrial control systems and Santamarta took a look at the firmware that's used on the modules and found that not only were they accessible over the Internet, but also had a slew of hidden accounts, many with hard-coded passwords. His research shows that, with services such as Telnet, FTP and others exposed and available for attackers to probe, the systems running on these Schneider Electric Quantum Ethernet Modules are vulnerable to several kinds of attack.