Stuxnet-Style Attacks Still Possible Against PLCs

Originally designed to target Siemens SIMATIC PLCs, researchers recently demonstrated vulnerabilities from Stuxnet-style exploits could also affect similar products from other vendors. According to the report, researchers at Airbus CyberSecurity determined that a vulnerability in Schneider Electric’s Modicon M340 and M580 PLCs can be exploited to upload malicious code by replacing one of the DLL files associated with the engineering software. The attack targeted the controller via Schneider’s EcoStruxure Control Expert engineering software, formerly known as Unity Pro. While the exploit is not trivial to execute, a successful compromise could also grant the attacker access to the internal corporate network to steal proprietary data or target other connected systems. Additionally, researchers explained that the legitimate automation software would be running without showing any signs that a malicious program was embedded. The malicious part would periodically send requests to a command and control server controlled by the attacker over the Internet. For greater technical details on the exploit, control system engineers and ICS cybersecurity staff are encouraged to review Airbus’ analysis report. Read the security notification at Airbus