A security vulnerability discovered in Schneider Electric Modicon controllers has the potential to severely disrupt industrial equipment and networks.
According to researchers from industrial cybersecurity firm Radiflow, the bug, tracked as CVE-2018-7789, “severely exposes the safety and availability of the ICS networks on which these devices were installed.”
The vulnerability is present in the Schneider Electric Modicon M221 controller and is described as an “improper check for unusual or exceptional conditions” error.
If exploited, the vulnerability could allow unauthorized users to remotely reboot the controller using crafted programming protocol frames.
Should the vulnerability result in unscheduled reboots, the affected devices would be unable to communicate with the rest of an industrial control system (ICS) network, leaving operators without any means to view or connect to the physical processes on an operational platform.
This could not only seriously impact the function of industrial control systems, but could also force corporations and factory managers to endure significant downtime in order to regain control of impacted devices.
Threat actors could also use the flaw to stage an attack in which multiple devices are rebooted at the same time, causing widespread disruption.
The bug was discovered by Radiflow CTO Yehonatan Kfir, who said there are at least two use cases in which the security flaw could be harnessed in exploit chains.
CVE-2018-7789 was discovered two months ago and privately reported to Schneider Electric. A security update has been issued to resolve the flaw.