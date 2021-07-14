Cancel
Armis Discloses Critical Attack Vector That Allows Remote Take-Over of Schneider Electric Industrial Controllers

New ModiPwn vulnerability puts Schneider Electric PLCs in global organizations at risk to attacker takeover. Researchers at Armis, the unified asset visibility and security platform provider, have announced the discovery of an authentication bypass vulnerability in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can lead to remote-code-execution (RCE). The vulnerability, dubbed ModiPwn, allows for a complete takeover of impacted devices by leveraging the UMAS protocol, and impacts Modicon M340, M580 and other models from the Modicon series. Millions of these PLCs and are now deemed to be at risk in what is considered to be a widescale vulnerability. Such controllers are used widely in manufacturing, building services, automation applications, energy utilities, HVAC systems to name but a few.

