Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Schneider patches its StruxureWare industrial control software

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

February 2, 2017

We learned today that Schneider Electric has finally issued a security patch for its StruxureWare Data Center industrial control software following the discovery of a new security bug that could allow the remote access to unencrypted passwords.

The Stuxnet security flaw continues to keep large infrastructure system admins up at night. The Schneider Electric's control software is designed to monitor physical infrastructure at data centres handling everything from cooling to backup generators.

The security bug was discovered by Positive Technologies and it simply means that an attacker can recover passwords from RAM on the client side of the platform, where they are held in unencrypted form.

"A potential hacker could use this security vulnerability to penetrate the internal network at a data centre, obtain confidential information, or even cause physical harm," said Ilya Karpov, head of the ICS Research and Audit Unit at Positive Technologies.

"A potential security hole such as this threatens the functioning of critical systems on which data centres depend-- video surveillance, fire suppression, backup generators and various control units, UPSs, switches, pumps and precision cooling systems."

The good news is that Schneider Electric has developed a security update that resolves the weakness, rated 7.6 on the CVSS v3 scale. The vendor is urging its customers to upgrade all installations of StruxureWare Data Center Expert to the latest version, v7.4.

In a statement, the vendor told us-- "Schneider Electric has become aware of a security vulnerability in StruxureWare Data Center Expert 7.3.1.114 and 7.2.4 and earlier versions of the software. The vulnerability identified is related to the storage of the admin passwords. It has been discovered that some passwords are stored in cleartext in random access memory (RAM). We issued a security notification that shares mitigation recommendations."

Schneider Electric systems have thrown up similar unencrypted password bugs in the past, which has to be a concern, even though both vendor and security researchers collaborated successfully to resolve the latest vulnerability. We'll keep you updated.

Source: Schneider Electric Inc.

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer