
Schneider Electric fixes critical security flaw in its industrial control equipment


October 27, 2016

It was recently discovered that a critical security vulnerability in Schneider Electric’s industrial controller management software created a potential entry point for hackers and miscreants to inject malicious code on some industrial networks.

The cybersecurity company Indegy discovered the now resolved flaw in Schneider Electric’s flagship industrial controller management software called Unity Pro.

“The critical security vulnerability in Unity Pro allows any user to remotely execute code directly on any computer on which this product is installed in various debug privileges,” Indegy asserted in a security advisory.

In a statement issued to users, Schneider Electric said the security hole had been addressed in the latest version of its software. Schneider is pushing out an alert to customers explaining how to guard against the security threat, either through various updates or by following the mitigations on its advisory portal.

The advisory reads: “Schneider Electric has become aware of a vulnerability in the Unity PRO Software prior to V11.1. We issued a Security Notification that shares mitigation recommendations. This security vulnerability is made possible when no application program has been loaded in the simulator, or when the application program loaded in the simulator is not password protected.”

David Zahn, general manager at PAS Inc, an industrial control systems cybersecurity firm, added that further security bugs along the lines of the one resolved by Schneider are inevitable because most industrial control technology was never designed with security in mind.

“It is good that cybersecurity companies are disclosing these vulnerabilities and following good ethical disclosure practices, but no one should be surprised that such security vulnerabilities exist to begin with,” Zahn asserted.

“This is 'tip of the iceberg' stuff as most control systems in the field today were designed without cybersecurity as even a consideration,” he added.

He also pointed out: “It's also common to see control systems that are 15, 20, and 25 years old in a production environment. They rely on air gapping, complexity, and other factors to protect them, but nothing specific to cybersecurity was ever built within them. Most of the players in our industry are well aware of that.”

The security hole in question was discovered in mid-April of this year. As is usually the case in such incidents, Schneider was privately notified to allow it to investigate and remedy the issue.

Indegy went public with its research this week at the 2016 Industrial Control Systems Cyber Security Conference in Atlanta, GA.

Mike Ahmadi, global director of critical systems security at Synopsys, added: “Security issues in control systems are widespread and continue to grow in numbers as researchers focus on uncovering them.”

Source: Indegy Cyber Security LLC.
