Multiple vulnerabilities found on Schneider Quantum Ethernet module

December 19, 2011

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has reported multiple vulnerabilities on Schneider Electric’s Quantum Ethernet module. The module is primarily used in Schneider Quantum PLCs (programmable controllers), but is also used in Premium PLC, M340 PLC and STB I/O products.

According to the report (ICS-ALERT-11-346-01), independent researcher Rubén Santamarta publicly announced details of the vulnerabilities, and Schneider has produced a fix for two of the reported vulnerabilities and is continuing to develop additional mitigations.

Santamarta found multiple hard-coded credentials in the firmware that enable access to the following services:

Telnet port—May allow remote attackers the ability to view the operation of the module’s firmware, cause a denial of service, modify the memory of the module and execute arbitrary code.
Windriver Debug port—Used for development; may allow remote attackers to view the operation of the module’s firmware, cause a denial of service, modify the memory of the module and execute arbitrary code.
FTP service—May allow an attacker to modify the module website, download and run custom firmware and modify the http passwords.

ICS-CERT is currently coordinating with Schneider Electric to develop mitigations. Additional information regarding the impact and mitigations will be issued as it becomes available.

Schneider Electric has created a fix for the Telnet and Windriver debug port vulnerabilities for the BMXNOE0100 and 140NOE77101 modules, which will be published on the Schneider website. This fix removes the Telnet and Windriver services from the modules. Organizations need to evaluate the impact of removing these services prior to applying this fix. ICS-CERT will provide additional information as mitigations become available for other identified vulnerabilities.

ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. These include:

1. Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.

2. Locate control system networks and devices behind firewalls, and isolate them from the business network.

3. If remote access is required, employ secure methods, such as Virtual Private Networks (VPNs), recognizing that VPN is only as secure as the connected devices.

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

Visit the ICS-CERT website or Schneider Electric for more information.

You must login or register in order to post a comment.

Building an Industry 4.0 Vision to Ensure Food Safety and Reduce Food Waste

Without a doubt, the world is changing, intensifying the need for companies to be more digitally connected. For the food and beverage industry, the fourth industrial revolution gives rise to technologies that help increase productivity, improve food safety, reduce food and resource waste, and provide full supply chain transparency from farm to consumers.

Exclusively sponsored by CRB, this webinar will explore the challenges facing food and beverage companies, how the largest companies are responding to them and how the industry as a whole is adapting to change.

Poll

COVID and Staffing

View Results

Poll Archive

Products

Packaging Research in Food Product Design and Development

Packaging Research in Food Product Design and Development is the first book to comprehensively address the issues of graphics design and visual concepts, from a systematic, scientific viewpoint, yet with business applications in mind.

See More Products

Multiple vulnerabilities found on Schneider Quantum Ethernet module

Food Engineering

2020 October

Multiple vulnerabilities found on Schneider Quantum Ethernet module

Related Articles

Related Products

Related Events

Report Abusive Comment