Schneider Electric Modicon Controllers (ICSA-19-136-01)

The NCCIC has published an advisory on a use of insufficiently random values vulnerability in Schneider Electric Modicon Controllers. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to hijack TCP connections or cause information leakage. Schneider Electric recommends a series of mitigations to address this vulnerability. The NCCIC has also provided a series of measures to address this vulnerability. Read the advisory at NCCIC/ICS-CERT.