Energy, manufacturing and technology industry sectors.
Schneider Electric has disclosed eight security advisories. The most notable of these pertains to the CODESYS runtime system and details flaws that can be exploited to cause denial-of-service (DoS) conditions and remote code execution (RCE). These vulnerabilities have been classified within the following CODESYS advisories:
- Advisory 2023-02
- Advisory 2023-03
A full list of the disclosed vulnerabilities can be found within the Schneider Electric Security Notification.
Successful exploitation of the vulnerabilities outlined in Advisory 2023-02 and Advisory 2023-03 could allow a threat actor to cause a DoS condition or attain RCE capabilities in specific situations.
Security patches for these vulnerabilities have been released by Siemens. Previous product versions therefore remain vulnerable to potential exploitation.
- CODESYS runtime system V3 communication server
- PacDrive controllers
- Modicon Controllers M241 / M251 / M262 / M258 / LMC058 / LMC078 / M218
- Simulation Runtime SoftSPS
Containment, Mitigations & Remediations
It is strongly recommended that users of the affected product versions apply the relevant security patches as soon as possible.
Indicators of Compromise
No specific Indicators of Compromise (IoC) are available currently.
Schneider Electric holds a significant share of the power conversion equipment manufacturing market. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Schneider Electric products have become a prime target. Because these products have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within these systems for the purpose of compromise and the extraction of sensitive data contained therein.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0002 – Execution