Blog

Jul 14, 2021

Unpatched Critical RCE Bug Allows Industrial, Utility Takeovers

Posted by in category: robotics/AI

The ‘ModiPwn’ bug lays open production lines, sensors, conveyor belts, elevators, HVACs and more that use Schneider Electric PLCs.

A critical remote code-execution (RCE) vulnerability in Schneider Electric programmable logic controllers (PLCs) has come to light, which allows unauthenticated cyberattackers to gain root-level control over PLCs used in manufacturing, building automation, healthcare and enterprise environments.

If exploited, attackers could impact production lines, sensors and conveyor belts in factory settings, according to the researchers at Armis who discovered the bug – as well as affect devices familiar to the everyday consumer, such as elevators, HVACs and other automated devices.

Comments are closed.