Tenable®, Inc., the Cyber Exposure company, recently discovered a critical remote code execution vulnerability in two Schneider Electric applications used in manufacturing, oil and gas, water, automation and wind and solar power facilities. If exploited, the vulnerability could give cybercriminals complete control of the underlying system.
Attackers would also be able to use the compromised system to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. In a worst case scenario, attackers could use the vulnerability to disrupt or even cripple plant operations.
This discovery comes just weeks after the Department of Homeland Security and the FBI issued a joint warning about Russian state-sponsored attacks against U.S. critical infrastructure. As underscored by the joint warning, OT systems have become high-value targets for cybercriminals around the world, which presents major challenges to human safety as well as ongoing productivity, uptime and efficiency.
Tenable PR Here